This is the second post in my series on the security protocol HTTPS. In my last post, I discussed the origin and basic functionality of HTTPS. In this post, I discuss how HTTPS has emerged to become such a dominant protocol.
Let me start by asking a simple question: How many of the last 10 web pages you’ve visited are HTTPS?
(Note: it would be great if you could check your browser history and share the number in a survey I’m running – I will share the results in my final post in this series).
It’s no secret that HTTPS is becoming more and more popular. In December 2015, 39.5% of page loads on the web used HTTPS (as measured by Firefox Telemetry). As of September 2016, it stands at 45%.
Similar growth has been recorded by Statoperator (the graph below shows how many of the one million most popular domains are using HTTPS protocol), as well as the Trustworthy Internet Movement, who found 44.9% of websites they’d analysed use HTTPS (as of September 2016).
What has been the major cause behind such continuous growth of HTTPS? The answer is simple: the expectation of users and web domain owners to be protected under the security umbrella (authentication, integrity, confidentiality) that HTTPS provides.
Need for security and strong campaigns helping to grow popularity
Since the inception of online communication, security has been a basic concern and is intensifying every day. It’s natural for any conscious netizen to expect the best possible security to protect our personal information when we are doing financial transactions through a bank’s website or purchasing something from an e-Commerce site.
Similarly, many web domain owners want to obtain a Secure Sockets Layer (SSL) certificate, which will turn their website into an HTTPS site. This can ensure better acceptance of the site by users, increasing its activities and uplifting its organizational image. SSL certificates are now also cheaper (you can buy a certificate for USD 10 /year from professional Certificate Authorities) and easier to buy.
Learn how to get a SSL certificate
HTTPS Everywhere is a collaborative project by The Tor Project and the Electronic Frontier Foundation, which provides extensions for Firefox, Chrome, and Opera that encrypts communications with many major websites.
Let’s Encrypt is a collaborative project headed by the Linux Foundation and facilitated by the Internet Security Research Group (ISRG), which offers a free, automated and open certificate authority. It has been running massive promotions for HTTPS through both technical and educational endeavours under the sponsorship of some key online players like Facebook, Mozilla, Akamai and Cisco.
Since launching in December 2015, Let’s Encrypt has issued more than 5 million certificates to the general public. Approximately 3.8 million of these are active, and cover more than 7 million unique domains.
In my next post I will look at some of the limitations of HTTPS as well as publish the result of my survey.
Azfar Adib works for Bangladesh ISP and Telco, Grameenphone Ltd. He is focused on review and analysis of data-service related trends and their impact.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.