Łukasz WrońskiUpdated: 26/07/2019
Try to spend five minutes looking for a major website that uses plain HTTP protocol instead of its encrypted equivalent. You can’t, right? Of course there are some inglorious exceptions like CNN and IMDB, but in general 9 out of 10 websites you’ll try will have all its pages encrypted. A bit of history Of
Try to spend five minutes looking for a major website that uses plain HTTP protocol instead of its encrypted equivalent. You can’t, right? Of course there are some inglorious exceptions like CNN and IMDB, but in general 9 out of 10 websites you’ll try will have all its pages encrypted.
Of course, it wasn’t always like this. Let’s go back in time… just a few years back.
It’s 2010. We’re looking at most popular online services. Facebook that already has 600 million users have no secure connection available until next year. Google – most popular search engine at the time does not use it nor provide an option to do so. Even popular shopping websites like Amazon or eBay that should threat their customers privacy as a top priority doesn’t have it, and they didn’t enforce it until late 2016.
This all changed somewhere around 2014 when corporations standing behind major web browsers and search engines decided to punish all of those who will not implement secure connection on their websites. Google declared that all encrypted pages will be shown higher in their search results, Mozilla started showing “this website is insecure” in all forms requiring passwords on non-https pages browsed with Firefox and Apple decided that all iOS apps must, at all times, use a secure connection while communicating with their back-end services.
The result: the number of pages using HTTPS doubled in the last two years and if we take into consideration only a million most popular websites it almost tripled in this time.
Is it a good thing? Of course. Why is this so important? Mostly because of man in the middle attack that in the least serious cases will cause a lack of privacy, but can also lead to serious consequences like identity or credit card information theft.
One of the important factors for this huge increase in security among the Internet is the availability of solutions that can help protect website users security for free. A few years back it was expensive and required more computing power. Today Cloudflare provides a secure connection in the form of DNS-based proxy for free and Let’s encrypt is widely recognized certification authority that gives you an https with no charge.
Some time ago we also decided to go with these recommendations and now all our services and websites are available only using secure connections. We also recommend using HTTPS connections for all new projects we create for our clients including mobile apps connections with backend APIs and Angular/React based front-ends. This way we give our customers the advantage of providing their users with the best level of security and privacy for just a few or even no money.