Mozilla says more traffic now encrypted than not

News by Roi Perez

The web firm Mozilla claims that despite it's failings, the use of HTTPS by web users is still preferable to them not doing so.

According to figures from internet company Mozilla which makes the Firefox web browser, over half the average volume of internet traffic is now encrypted.

The firm says you are now more likely to visit an encrypted website over the HTTPS protocol than not.

According to Mozilla, the figures were recorded over a two-week running average, so the figure could fluctuate over the next few days.

It went on to highlight, however, that HTTPS isn't perfect, and it doesn't hide the fact that you're visiting a particular website.

However it will mean everyone from internet service providers and the government, will have a much harder time seeing what information a person might read or be posting to the web.

Likewise, it helps to ensure that when you visit a website, you're seeing what its authors intended, ie it's not a phishing website.

Josh Aas, the co-founder of Let's Encrypt,  was reported in Wired as saying: “Billions of users will start to regularly experience a web that is more encrypted than not. Expectations for security will continue to rise, and as a result we expect to see sites move to HTTPS even faster than they have been.”

Despite this, HTTPS still has some serious limitations. In 2014, security researchers discovered the major Heartbleed vulnerability in OpenSSL, the software that allows HTTPS to work. This dealt a major blow to confidence in the protocol actually protecting web users.

Unfortunately, a recent study by Internet of Things search engine Shodan found that nearly 200,000 servers remain vulnerable to Heartbleed, almost three years after the world learnt of the bug.

Technical issues aren't the only ones which haunt HTTPS either. The protocol depends on “certificate authorities” such as Let's Encrypt and VeriSign to issue certificates that vouch for a site's authenticity.

If a hacker were to hack into one of those authorities, they could hijack certificates or issue certificates themselves. Security giant Symantec was recently caught issuing illegal certificates - for the third time.

Mozilla asserts that using HTTPS, despite its limitations, is better than leaving the web unencrypted.

That means Aas and LetsEncrypt have more work to do. “Fifty percent is an important milestone,” Aas says. “But there's still another 50 percent to go.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews