There is a timely clarion call from the security community that reflects the need for encrypting almost everything that flows through the Web. Members of the Electronic Frontier Foundation are calling for the permanent end to connections using the HTTP protocol.
Recent evidence of a growing threat landscape and increasingly advanced attack methods has served in a major part to prompt that call. And researchers are finding a more and more diminished impetus for keeping our information flow on an insecure transmission channel such as the HTTP. Especially in an advanced Internet world at present.
But of course this proposal is in direct collision against advertisers that rely on the HTTP-transmitted information in order to curate ads for specific audiences. In other words, they are averse to the HTTPS protocol, and in the process, hate security.
Putting encryption on a Website that gets much of its revenue from advertising, as a matter of need, would be utterly suicidal. Unless of course it can sustain its business on a subscription model. But because ads are inherently unecrypted, it only means most Websites are not providing their content in a secure environment.
Speed of content delivery is another factor that discourages ad-sponsored websites from using encrypted connections. The Internet works to transmit data with high bandwidth requirements quickly to consumers, and putting up an HTTPS protocol would tremendously destroy that mechanism for speed. The network will conk out.
But security advocates are pushing to drown out this kind of reasoning and explaining that if Internet companies want to secure their customers’ sensitive information such as email address, credit card data and other pieces of information, then the HTTPS is the only solution. Aside from that, they claim, censorship by states will be bypassed, especially in countries where freedom of expression is restricted such as Iran, China and North Korea. HTTPS also keeps government surveillance efforts out of the way.
The developer community also sees benefits from HTTPS. For example, GitHub needs encrypted code-sharing system for developers in censored countries like China, where the government uses its Great Firewall to block websites and pages that it considers to be threats to the government. That happens when the connection is using HTTP, which is open as the light of day for censorship to scan.
Google, meanwhile, has seen it fit to put up encryption for all of its services, including the search engine and email. However, many argue that Gmail is safe from eavesdropping except by Google. Then there is also the weak point where the other end of the communication line does not support encryption, everything will be in vain.
