(NOTE: I was considering titling this article “Free SSL for All the Internets! YAY!!!” but I kind of feel like the much more drab “Should I Encrypt My Website?” has more SEO value. Damn Googles…)
In the past, this question had a very cut-and-dry answer: if you are handling sensitive information (online payments, social security numbers, etc.) then you encrypt; if not, don’t mess with it. Today, that answer might be a little less clear…but it’s certainly trending towards a resounding “YES!” Let’s start with the basics…
What is Website Encryption?
Put simply, website encryption is a way for your computer’s web browser and another computer on the internet to send data to one another in such a way that no one else online can understand the data being sent. Other computers might be able to see the data, but they cannot make sense of it.
Think of it like this… You are sitting a a table in a cafe and the people at the table next to you are speaking a foreign language–one that you do not understand. You know that they are talking to one another–you can hear the sounds they are making–but you have no idea what’s being said. In a very simplistic way, this is what is happening when you encrypt the communications between two systems online.
To carry our metaphor a little further, we should also understand that computers can speak an infinite number of languages. Therefore, your computer will speak language #1 to server “A” and language #2 to server “B” and language #3 to server “C” and so forth but will never speak the same language to two different servers. If a person’s computer is always speaking different foreign languages to different servers online, a person could browse the internet their entire lives and never worry about any of their communications being read by an unauthorized party.
Please understand that this is a very simplistic explanation and the details are much more complicated. Trust me, though…it works. If you want a little bit more thorough explanation about how encryption works you can check out some of these videos by Computerphile on YouTube. I think they do a decent job of explaining things in a way that many people can understand.
What Are The Benefits of Encrypting My Website?
In a world where individuals are becoming more and more concerned with online privacy, encryption is one more step towards assuring your website visitors that every byte of information they send to your website can only be read by your website and not a potentially nefarious third party. It’s a “Peace of Mind” tool that assures your visitors that their communication with you is safe.
If that’s not enough to motivate you, Google has explicitly stated that their search algorithm favors SSL / website encryption. We don’t often see blanket statements like this from Mountain View so when they offer something like this up, it’s best to heed their warnings and take their suggested actions–that is if you care at all about your rankings.
So, Should I Encrypt My Website?
As my old college roommate used to say, I’m very glad you asked this question. Historically, it’s been a little difficult to encrypt a website. To be honest, I’ve never done it partly out of a lack of need (I’ve never had to deal with credit card numbers or secure messaging or the like), partly out of cost (at $50 to $500 per year, it isn’t cheap), and partly out of anecdotal horror stories I’ve heard about the efforts involved. …and then there were the problems with the redirects… *sigh* Too. Much. Headache.
So why bother writing this article at all? Well, I’m hoping all of those things are going to change…today, actually.
Later today an organization called the Internet Security Research Group (ISRG) is opening up their new certificate authority (the “official” people online who hand out encryption certificates) for public beta. The new certificate authority is called Let’s Encrypt and it’s sponsored by Mozilla, Akamai, Cisco, The Electronic Frontier Foundation, and other prominent players.
The goal of the Let’s Encrypt project is to provide free, automated, and open SSL certificates to every website online. If they get it working correctly, that basically negates every one of the negative points I listed above.
I’ve been watching this project for months and I’m chomping at the bit to try their service. It’s still in beta, mind you, so I expect a few bugs here and there. As soon as I am able, I plan to try out their service and I further plan to do a full writeup and perhaps tutorial here on the Netvantage Blog.
Stay tuned! Today is an exciting day for online privacy!