When we look back at 2015, we will remember this as the year we launched our most ambitious technology project to date. EFF, Mozilla, and our partners gave the world theLet’s Encrypt certificate authority. Certificatesbecame available to the public on December 3.
Let’s Encrypt makes getting a digital certificate for an Internet site fast, free, and easy, so sites can easily enable HTTPS encryption (and some other encrypted protocols). We think this is a vital step in getting Web connections routinely encrypted, by reducing the cost and difficulty of getting a certificate that browsers require when making secure connections.
We know online encryption is essential. We’ve seen everyone from college dorm-mates to advertisers to national intelligence agencies exploit the lack of protection on Web connections to spy on what people do online and tamper with the information they receive. HTTPS is a basic layer of protection forming our first line of defense against much of this spying and tampering, yet people who run Internet services kept telling us that they found getting a certificate too cumbersome or expensive. Without the certificate, browsers can’t tell if an encrypted connection is direct or is being maliciously proxied, so they don’t consider the connection secure.
So for the past three years, EFF and our partners from Mozilla and the University of Michigan, plus a range of sponsors, pursued a plan to automate the process, removing financial cost and technical challenge. We announced this plan to the public a year ago. We and our partners have worked hard on building out Let’s Encrypt throughout 2015, and earlier this month our efforts came to fruition as the Let’s Encrypt CA became openly available to everybody.
Let’s Encrypt has had a terrific reception. In just the first two weeks of public availability, weissued over 130,000 certificates, helping sites all around the world protect their users with HTTPS. People are writing third-party software to help system administrators get certificates from us, and major Internet hosting companies have indicated they’ll make it a standard part of their hosting services, so all of their users can get HTTPS by default.
Since HTTPS only protects connections between users and websites, it isn’t a panacea for all online privacy risks. But it’s one of the most practical encryption options available to all Web users today. By creating the Let’s Encrypt service, we and our partners are helping to change the default in favor of protecting everybody’s online privacy and security.
This article is part of our Year In Review series; read other articles about the fight for digital rights in 2015. Like what you’re reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. Join us today and defend free speech, privacy, and innovation.