The Let’s Encrypt Security Success Story

Close-up of padlock icon and HTTPS code

Back in 2013, a Professor of computer science and engineering at the University of Michigan in the USA conceived a little online service called Let’s Encrypt.

Professor J. Alex Halderman wanted to make online encryption free and accessible to all. But even he couldn’t possibly have anticipated the extent to which his project would revolutionise the internet.

Website encryption doubled in just four years

Halderman would never have been able to get the project off the ground on his own so he collaborated with a number of groups including the Electronic Frontier Foundation (EFF), Cisco, Mozilla, and Stanford University.

The result was a certificate authority which revolutionised website encryption. It launched in 2016, at a time when HTTPS secure encryption was relatively expensive and difficult to install.

Let’s Encrypt made the implementation of HTTPS both simple and free. Its impact is now clear.

Statistics from 2016 found that around 40% of websites were encrypted using HTTPS secure encryption. New figures from today show that the percentage has now jumped to a whopping 80%.

Experts have suggested the spike is largely down to the take-up of Lets Encrypt.

Let’s Encrypt has grown to become the largest certificate authority in the world which appears to support that assertion.

But Halderman and the team are not resting on their laurels. They have just published a paper which explains how the Let’s Encrypt project came to fruition. Their hope is that their success story can be a model for the streamlining and simplification other areas of online infrastructure.

Why did HTTPS take so long to roll out?

The HTTPS encryption protocol was actually created back in the 1990s. It was originally designed to secure online credit card transactions and other sensitive activities. It was quickly realised that HTTPS could be used to stop hackers intercepting data between a web browser and a website.

But, as Halderman has described in a recent interview with the University of Michigan to support their new paper, applying it to your website was far from straightforward.

In the past you had to choose an authority, pay a fee that could be as high as several hundred dollars, wait for your certificate to arrive and then go through a complex technical process to install it. This then had to be repeated every year or two.

The notion of offering this service for free was completely alien and as Halderman says, if he had written a paper on the notion before creating Let’s Encrypt, he would never have got it published.

But it was not just slashing the price of HTTPS that has increased take-up but also the massive simplification of the installation process. Now you can secure your site with HTTPS using an automated process that can often be implemented with just a single click.

Let’s Encrypt uses a process known as the ACME protocol which, as Halderman explains, costs just a fraction of a cent to do.

This is how Lets Encrypt is also to offer HTTPS to all websites for free with the support of its donors. It has made the entire web infinitely more secure which is why we at VPNCompare decided to sponsor Let’s Encrypt this year.

Why encryption matters

Encryption matters online more today than it ever has.

Hackers and government spies are using ever more sophisticated technology to intercept and read what we are doing online. Meanwhile, more and more of our everyday communication and tasks are being done online.

It is a perfect storm that requires a robust security solution and encryption is that solution. The implementation of HTTPS across the internet has done a huge amount to secure our online traffic. It is not for no reason that Google Chrome now flags all websites that don’t use HTTPS as insecure.

UK Government websites are also now required to use HTTPS while leading VPN service ExpressVPN has recently partnered with an extension called HTTPS Everywhere which forces your browser to connect to secure websites when they are available.

Let’s Encrypt has played a big part in its dissemination which is why we have sponsored it.

Christopher Seward, editor of VPNCompare said “Having used the internet since the year of HTTPS inception and having witnessed the impact encryption has played on the internet as a whole first hand it is clear the influence Let’s Encrypt has had on the security of the web.”

He went on to say “It’s difficult to imagine another organisation that has made the same security leaps in such a short space of time. With this in mind we had no hesitation to support the work that Let’s Encrypt do helping ensure their continual work.”

Securing 80% of websites with HTTPS is a huge step forward but we really want to see that figure climbing as close to 100% as possible and fast.

Always use a VPN too

But it is also important to remember that HTTPS alone is not a panacea to all security issues. It only encrypts data between your web browser and the web site. The rest of the time, your internet data is not encrypted and can be seen by hackers, government agencies, and even your own Internet Service Provider (ISP).

This is why we in some cases need to use VPNs too. VPNs encrypt all of your internet traffic from your device to the VPN’s end server. They also offer privacy protections that HTTPS does not.

Internet users have a responsibility to ensure that they are using the internet safely and securely. To do this requires a suite of tools including anti-virus and anti-malware software as well as a VPN.

But websites too have a responsibility to try and protect their user’s data.

HTTPS is the best way to do that, so if you run a website that doesn’t deploy the HTTPS protocol, take a look at Let’s Encrypt today.

It’s free to sign up and super-easy to use as many hosting companies allow you to implement it at the click of a button.

There really is no excuse.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *