Ten years ago, the web was a very different place. Most websites didn’t use HTTPS to protect your data. As a result, snoops could read emails or even take over accounts by stealing cookies. But a group of determined researchers and technologists from EFF and the University of Michigan were dreaming of a better world: one where every web page you visited was protected from spying and interference. Meanwhile, another group at Mozilla was working on the same dream. Those dreams led to the creation of Let’s Encrypt and tools like EFF’s Certbot, which simplify protecting websites and make browsing the web safer for everyone.
There was one big obstacle: to deploy HTTPS and protect a website, the people running that website needed to buy and install a certificate from a certificate authority. Price was a big barrier to getting more websites on HTTPS, but the complexity of installing certificates was an even bigger one.
In 2013, the Internet Security Research Group (ISRG) was founded, which would soon become the home of Let’s Encrypt, a certificate authority founded to help encrypt the Web. Let’s Encrypt was radical in that it provided certificates for free to anyone with a website. Let’s Encrypt also introduced a way to automate away the risk and drudgery of manually issuing and installing certificates. With the new ACME protocol, anyone with a website could run software (like EFF’s Certbot) that combined the steps of getting a certificate and correctly installing it.
In the time since, Let’s Encrypt and Certbot have been a huge success, with over 250 million active certificates protecting hundreds of millions of websites.
This is a huge benefit to everyone’s online security and privacy. When you visit a website that uses HTTPS, your data is protected by encryption in transit, so nobody but you and the website operator gets to see it. That also prevents snoops from making a copy of your login cookies and taking over accounts.
The most important measure of Let’s Encrypt’s and Certbot’s successes is how much of people’s daily web browsing uses HTTPS. According to Firefox data, 78% of pages loaded use HTTPS. That’s tremendously improved from 27% in 2013 when Let’s Encrypt was founded. There’s still a lot of work to be done to get to 100%. We hope you’ll join EFF and Let’s Encrypt in celebrating the successes of ten years encrypting the web, and the anticipation of future growth and safety online.