EFF: Half of web traffic is now encrypted

Half of the web’s traffic is now encrypted, according to a new report from the EFF released this week. The rights organization noted the milestone was attributable to a number of efforts, including recent moves from major tech companies to implement HTTPS on their own properties. Over the years, these efforts have included pushes from Facebook and Twitter, back in 2013 and 2012 respectively, as well as those from other sizable sites like Google, Wikipedia, Bing, Reddit and more.

Google played a significant role, having put pressure on websites to adopt HTTPS by beginning to use HTTPS as a signal in its search ranking algorithms. This year, it also ramped up the push towards HTTPS by marking websites that use HTTP connections for transmitting passwords and credit data as insecure.

HTTPS, which encrypts data in transit and helps prevent a site from being modified by a malicious user on the network, has gained increased attention in recent years as users have woken up to how much of their web usage is tracked, and even spied on by their own government. Large-scale hacks have also generally made people more security-minded as well.

A number of larger players on the web also switched on HTTPS in 2016, like WordPress.com which added support for HTTPS for all its custom domains, meaning the security and performance of the encryption technology became available every blog and website it hosted. Elsewhere in the blogosphere, Google made HTTPS connections the default in May 2016 for all the sites on its Blogspot domain, after having made HTTPS optional in fall 2015.

More recently, the U.S. Government has made strides toward ditching HTTP, with the news that all new executive branch domains would use HTTPS starting in the spring of this year. Another report on the federal government’s adoption of HTTPS from January found that of roughly 1,000 .gov domains, 61 percent enforce HTTPS.

And on the mobile web, Apple told iOS developers that HTTPS connections were required for apps by the end of last year, though it later extended that deadline. 

screen-shot-2017-02-22-at-3-01-48-pm

Many major news organizations have also moved forward (including us!), while efforts like the Let’s Encrypt project have helped pushed others, including WordPress, to take advantage of the technology. The EFF also has its own tool, Certbot, that is being used to help webmasters – even those running smaller sites – make the switch.

The EFF noted that the average volume of encrypted web traffic varies depending on which browser maker is reporting their metrics. However, Mozilla recently said that more of its traffic is encrypted than unencrypted. Google’s Chrome, which is widely adopted, is more in line with the “50%” figure, the EFF found, as it said that over half of web pages are protected by HTTPS across different operating systems.

screen-shot-2017-02-22-at-3-01-41-pm

Not all sites support HTTPS or have it as the default, of course. The Chrome extension HTTPS Everywhere can help with the latter, but more efforts still need to happen to get the other half the web encrypted as well.