Encrypting the Web

In 2009, EFF set out on a long-term mission to encrypt the Web. Our aim is to switch hypertext from insecure HTTP to secure HTTPS. That protection is essential in order to defend Internet users against surveillance of the content of their communications; cookie theft, account hijacking and other web security flaws; cookie and ad injection; and some forms of Internet censorship.

We have made a lot of progress. We began by asking some of the largest sites on the Web, such as Google, Facebook, Twitter and Wikipedia, to start offering HTTPS versions of their sites. Today each of those sites requires HTTPS by default.

We launched HTTPS Everywhere, a browser extension that automatically uses the secure form of many sites. As of 2015, HTTPS Everywhere has more than 5 million people using it, and covers tens of thousands of web sites.

We know that the benefits of encryption are undermined if there are weaknesses and vulnerabilities in our encryption protocols. Our SSL Observatory and Sovereign Keys projects are intended to make sure that HTTPS and TLS/SSL actually deliver the kinds of security they promise. And we have efforts including the Encrypt the Web Report and the crypto ops mailing list to encourage and assist Web companies to deploy encryption correctly.

We want every person and web site, no matter their size or skill, to reap the benefits of HTTPS. So with Mozilla and other sponsors, we developed the Let's Encrypt Certificate Authority, which will offer free and automated certificate issuance when it launches in September 2015. Let's Encrypt will dramatically reduce the technical barriers to implementing HTTPS on a broad scale.

We've made a lot of progress, and protected hundreds of billions of web requests, but there is much more work to do. And we won't rest until it's done.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Backdoors have been discovered in Arris cable modems. This is why we need a security research exemption to the DMCA. http://w00tsec.blogspot.com/2...

Nov 27 @ 2:15pm

Censorship powers, data retention, and vague hacking crimes: Pakistan's terrible cybercrime bill has it all: https://www.eff.org/deeplinks...

Nov 25 @ 5:11pm

While Bangladesh blocks social messaging apps, locals are turning to Tor and Twitter: https://globalvoices.org/2015...

Nov 25 @ 3:50pm
JavaScript license information