Why Encrypt Websites?

This year, GCI implemented https encryption across most of its hosted websites. Most of these websites are pretty basic with simple information about a church or camp. There’s nothing really private on them. There’s no personal information collected to keep secure. Still, I had my reasons for wanting it and recent developments by Let’s Encrypt made it free to do. So we did it.

Today I was reading a question on the Let’s Encrypt email I get regularly asking why their goal is 100% encryption on the web. I thought it was a good question so I wanted to know, besides the reasons I already knew, why was this so important that people would put in so much work. So I did a little digging and found some things that surprised me.

What does encryption on your website do? It makes sure the web pages you have on our server make their way to the person viewing them without being altered. No one can see or change the information between when the server sends it and it’s received by the computer or mobile device viewing it. OK, that’s nice, but why is that important?

Well, the internet has changed a lot since it first started, much like society in general has changed. People used to trust each other. If you didn’t live in a big city, you could leave your doors and windows open without fear that someone was going to take your stuff. I know people who left the keys in their vehicles and no one ever bothered them. Wouldn’t do that now. The internet used to be a more cooperative place. People were polite and were there to share information.

Now, we have big companies trying to monetize your internet use. We have governments doing their best to spy on you. And we have hackers, some of which are governments, who use malicious code to try take over your computer and use it against you or someone else. Some things you might not know:

  • Verizon injects “invisible” header information into unencrypted web traffic to track your behavior for marketing purposes.
  • Other companies use Verizon’s information to sell your usage patterns to still other companies to try to sell you stuff.
  • Comcast injects advertisements into unencyrpted web pages “so you can be sure you’re using a Comcast hotspot.” Of course, it makes them money too.
  • Yahoo and Bing made deals with internet providers to access Google search results to make their search better without the customers’ knowledge until Google encrypted it so they couldn’t.
  • India and China have tried to censor certain pages on websites based on content, something they can’t do when it’s encrypted.
  • China has injected malware into web pages in transit to attack companies that try to post information on anti-censorship.

Moving everyone to https prevents a lot of this misuse of the internet. And Google takes https into account in their search results. And that’s why it’s important.

TechDirt ran an article last year about this from which some of this information came.