Web encryption technology is 20 years old. So why isn't every site using it?

When you visit your bank, you probably see a green lock icon in your browser that looks like this:

That icon means you're using Secure Sockets Layer (SSL), a technology that encrypts communications between users and websites. SSL has been around for 20 years, and it's been widely used for financial transactions since the 1990s. But back then, the technology was too slow to be practical to use on every website.

But as the technology has improved and computers have gotten faster, that's been changing. Sites like Facebook and Twitter began using SSL in the last few years, and media organizations like the New York Times are currently working to adopt it. Advocates hope that SSL will become ubiquitous in the next few years.

People usually think of SSL as a way to protect people's privacy. When you browse a website that's not protected by SSL over a wifi network, the information you upload and download can be intercepted by other people near you. SSL prevents this by scrambling the data before it's sent across the network.

A blog post from security researchers at Google points out another huge benefit of using SSL across the web: it helps fight cyberattacks. The post analyzes last month's attack against the programming site Github, which was hosting material that had been censored by the Chinese government. The attackers had inserted malicious software into webpages from the Chinese search engine Baidu. This software caused Baidu users' computers to begin flooding Github with traffic, temporarily knocking the site offline.

As far as we can tell, Baidu wasn't responsible for these attacks. Rather, the attackers — widely believed to be connected to the Chinese government, though there's no proof of this so far — appear to have carried out this attack by modifying Baidu pages as they traveled across the Chinese internet.

This kind of attack is a lot more difficult to carry out against a site that uses SSL. Webpages protected with SSL aren't just hard to intercept, they're also hard to modify, which means users won't be exposed to the risks of third parties tampering with the websites they visit.

Google has started to apply significant pressure on website owners to upgrade to SSL. Last year, the company announced it would start penalizing websites that don't adopt it by docking their search results. The penalty is small for now, but Google says it may increase it in the coming years. That creates an added incentive for webmasters to get on board, improving security for both their users and the web as a whole.

Will you support Vox’s explanatory journalism?

Most news outlets make their money through advertising or subscriptions. But when it comes to what we’re trying to do at Vox, there are a couple of big issues with relying on ads and subscriptions to keep the lights on:

First, advertising dollars go up and down with the economy. We often only know a few months out what our advertising revenue will be, which makes it hard to plan ahead.

Second, we’re not in the subscriptions business. Vox is here to help everyone understand the complex issues shaping the world — not just the people who can afford to pay for a subscription. We believe that’s an important part of building a more equal society. And we can’t do that if we have a paywall.

So even though advertising is still our biggest source of revenue, we also seek grants and reader support. (And no matter how our work is funded, we have strict guidelines on editorial independence.)

If you also believe that everyone deserves access to trusted high-quality information, will you make a gift to Vox today? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via