Monday, May 04, 2015

Mozilla, Google push to see all web content encrypted, seen as a national security concern

Since sometime in 2014, there has been a gradual increase in proposals that the entire web should be encrypted.
That is to say, not only e-commerce sites, which take personal information and process credit card and bank information, but even news sites, or even amateur blogs. 
Recently Mozilla (behind Firefox) has announced that it will mark websites that don’t use “SSL *” (secure socket layer (Wiki) as “defective” or deficient in security, announcement here . A key verb here is "deprecate".  A typical news story is one on Vox by Tim Lee here
And Google has announced that with will penalize pages not protected by SSL in its search engine ranking as a negative “ranking signal” whose importance will grow over time. 
Sunday, I wrote a story on my Internet Safety blog about this, reiterating the idea that encryption may make ordinary non-commercial sites much harder to hack, especially from overseas, and especially given today’s world political climate.  I am personally less concerned about the snooping issue, but for some people, especially in authoritarian countries, this is a big deal.  And I can see from analytics that I do have traffic from Muslim countries, Africa, Russia and China, even when supposedly blocked. 
In the 1990s, encryption was slow, cumbersome and expensive.  Over time, it has gotten much more efficient.  Still, in my own experience, I find that most sites go into encrypted mode only when I have to log in, or transmit PII or financial information.  A few sites, like Electronic Frontier Foundation, encrypt all pages, but most news stories on other sites do not. 
I also checked my own ISP’s and I don’t see a straightforward set of steps to accomplish encryption yet.  It appears that Blue Host intends to (here), and Verio has a page on how to work with third parties that offer certificates here. 
Generally, it seems that encryption may be easier in a hosting environment when it is setup as a commercial site.  E-commerce, relative to non-commercial, is not as expensive as it once was.  Also, all internal linking needs to be relative (no hard-coding of URL’s). 

Ironically, this observation comports with a story here April 30, where many parties feel that independent artists like me should become more aggressive in retailing their own work rather than "depending" on the super-outsourcing from Amazon, which makes some of us "lazy" about our own salesmanship. 
One article that may be helpful is “Let’s Encrypt”, here  which sets a good example.

Seth Schoen has a video for this site, below. 

I will, in the coming period, look more closely at what it would take to encrypt my blogs and sites.  
But what would be helpful would be for hosting providers to come up with straightforward instructions and pricing plans as to how to do this.  That may require considerable project development on their side now, and I guess that would provide some good (coding and testing) jobs for college students right now working their way through school. 

No comments: