Web encryption technology is 20 years old. So why isn't every site using it?

Mike

When you visit your bank, you probably see a green lock icon in your browser that looks like this:

That icon means you're using Secure Sockets Layer (SSL), a technology that encrypts communications between users and websites. SSL has been around for 20 years, and it's been widely used for financial transactions since the 1990s. But back then, the technology was too slow to be practical to use on every website.

But as the technology has improved and computers have gotten faster, that's been changing. Sites like Facebook and Twitter began using SSL in the last few years, and media organizations like the New York Times are currently working to adopt it. Advocates hope that SSL will become ubiquitous in the next few years.

People usually think of SSL as a way to protect people's privacy. When you browse a website that's not protected by SSL over a wifi network, the information you upload and download can be intercepted by other people near you. SSL prevents this by scrambling the data before it's sent across the network.

A blog post from security researchers at Google points out another huge benefit of using SSL across the web: it helps fight cyberattacks. The post analyzes last month's attack against the programming site GitHub, which was hosting material that had been censored by the Chinese government. The attackers had inserted malicious software into webpages from the Chinese search engine Baidu. This software caused Baidu users' computers to begin flooding GitHub with traffic, temporarily knocking the site offline.

As far as we can tell, Baidu wasn't responsible for these attacks. Rather, the attackers — widely believed to be connected to the Chinese government, though there's no proof of this so far — appear to have carried out this attack by modifying Baidu pages as they traveled across the Chinese internet.

This kind of attack is a lot more difficult to carry out against a site that uses SSL. Webpages protected with SSL aren't just hard to intercept, they're also hard to modify, which means users won't be exposed to the risks of third parties tampering with the websites they visit.

Google has started to apply significant pressure on website owners to upgrade to SSL. Last year, the company announced it would start penalizing websites that don't adopt it by docking their search results. The penalty is small for now, but Google says it may increase it in the coming years. That creates an added incentive for webmasters to get on board, improving security for both their users and the web as a whole.