Encrypted web traffic now exceeds 90%

802 点作者 gator-io超过 5 年前

30 条评论

svara超过 5 年前

We often hear the complaint here that nobody cares / cared about Snowden's revelations. But to me it seems he did provide a lot of the impetus for having HTTPS virtually everywhere and a lot of the instant messenging apps being end-to-end encrypted. Most of WhatsApp's users are as non-technical as it gets, and yet they use the kind of encryption that only computer enthusiasts were interested in just a couple years ago. It's a great development (all the limitations and caveats notwithstanding) IMO.

评论 #21423125 未加载

评论 #21423518 未加载

评论 #21423086 未加载

评论 #21423848 未加载

评论 #21424277 未加载

评论 #21425509 未加载

评论 #21426736 未加载

评论 #21424937 未加载

评论 #21424189 未加载

评论 #21424460 未加载

评论 #21427041 未加载

评论 #21424825 未加载

评论 #21427139 未加载

评论 #21424896 未加载

评论 #21423134 未加载

评论 #21423754 未加载

gambler超过 5 年前

I don't know why so many people here are patting themselves on the back over this. This is not the kind of encryption people were talking about in the 90s and 00s. A lot of this encryption is not point-to-point. It merely secures user's interaction with some middleman (or their server). What would the numbers be if you subtracted all the traffic that can be snooped on by Google, Amazon and Cloudflare?

评论 #21423100 未加载

评论 #21422887 未加载

评论 #21422792 未加载

评论 #21422892 未加载

评论 #21422973 未加载

评论 #21423064 未加载

评论 #21424448 未加载

mholt超过 5 年前

Good news for sure, but note that this isn't a total Internet scan:> We collect data from the browsers of site visitors to our exclusive on-demand network of analytics and social bookmarking products.More details about their samples: <a href="https://netmarketshare.com/methodology" rel="nofollow">https://netmarketshare.com/methodology</a>I would be more inclined to trust sources like <a href="https://transparencyreport.google.com/https/overview" rel="nofollow">https://transparencyreport.google.com/https/overview</a> and Firefox Telemetry which come directly from the browsers. But even these do not count data from mobile apps (most of which have to be encrypted now I think), embedded applications, scripts, and APIs.

评论 #21422959 未加载

评论 #21422639 未加载

alpb超过 5 年前

Also likely because in the past the internet was really diverse. One would visit 20 sites possibly during one session.Today, the landscape looks more like: You visit Google, click some links that open in AMP (still Google), visit some social networks (primarily Twitter and FB-owned properties). These companies already operate TLS-only, which helps these numbers.

评论 #21422404 未加载

smolder超过 5 年前

That's good. One structural issue with the internet down, many more to go. There is essentially no guarantee that cloud providers don't snoop through memory and steal your keys and sift through your data, for instance. There are just some big companies that we implicitly trust. Whenever the endpoint for encryption /decryption is under the control of a 3rd party, any guarantee of data safety isn't real. We have devices that constantly go out looking for new code to run, with proprietary blobs in firmware, which means they're 3rd party controllable. Control of the internet is in the hands of organizations that can't be held accountable for abuse of power over individuals.I guess I'm just saying I don't have faith that a system (I'm talking about the intersection of technology, government, and business here) which puts so little power in the hands of individuals will do an adequate job of serving their interests in the long term.

vinayan3超过 5 年前

We do need HTTP because sometimes public WiFi networks need you to agree to terms before any requests stop being redirected. I recently found <a href="http://neverssl.com" rel="nofollow">http://neverssl.com</a>That being said those public WiFi’s shouldn’t be redirecting sites in the first place because for HTTPs sites browsers don’t even let you see the page.

评论 #21423087 未加载

评论 #21425327 未加载

chrisweekly超过 5 年前

Awesome! Any idea how much of that is attributable to LetsEncrypt and HTTPSEverywhere?

评论 #21421634 未加载

评论 #21422247 未加载

评论 #21422763 未加载

评论 #21421738 未加载

评论 #21425478 未加载

评论 #21421919 未加载

est31超过 5 年前

While this milestone is wonderful, don't forget that it can't be decrypted for now. IMO we trust contemporary encryption algorithms too much, putting too much data through the wires that will only increase in value. We aren't at the end of the evolution either: we still don't have really secure random generators everywhere, we are still using key exchange methods that aren't quantum proof. And of course, computer programs (as well as hardware) still have security bugs.

评论 #21422530 未加载

miguelmota超过 5 年前

This doesn't mean 90% of all websites. This simply means 90% of web traffic which I'm assuming a good chunk of it comes from a few handful of services such as Netflix and YouTube

评论 #21425246 未加载

campuscodi超过 5 年前

No, it didn't. NetMarketShare has a very limited view into these things. Actual data from browser makersFirefox - 80% <a href="https://letsencrypt.org/stats/" rel="nofollow">https://letsencrypt.org/stats/</a>Google -- 88% on Android; 84% on Windows; 91% on Mac; 73% on Linux <a href="https://transparencyreport.google.com/https/overview?hl=en" rel="nofollow">https://transparencyreport.google.com/https/overview?hl=en</a>

jjice超过 5 年前

I actually just set up SSL on my EC2 instance after reading this comment section. It was stupid easy, and I can't believe I didn't do it before

Jonnax超过 5 年前

Nice. Remember the days when IT professionals would exclaim that this was a bad idea?Seems like it's cyclical thing. DNS over HTTPS is now the big bad technology.

评论 #21422115 未加载

评论 #21423296 未加载

评论 #21421854 未加载

评论 #21421934 未加载

robbya超过 5 年前

The 50-50 point appears to have only been June 2017, so the cutover rate is really quite rapid. I wonder how quickly we'll see 95%, 99%, and how long the long tail will be.<a href="https://netmarketshare.com/report.aspx?options=%7B%22filter%22%3A%7B%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22secure%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22https%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222017-05%22%2C%22dateEnd%22%3A%222017-06%22%2C%22hiddenSeries%22%3A%7B%7D%2C%22segments%22%3A%22-1000%22%7D" rel="nofollow">https://netmarketshare.com/report.aspx?options=%7B%22filter%...</a>

ecesena超过 5 年前

One thing we recently started looking at is outbound traffic, i.e. links that people click within our website/app. We're going to publish some results (and joint forces) soon, but I wanted to share here because I feel outbound links are something usually ignored. Yet they can contribute to a significant part of the total Internet traffic.So, upgrading outbound links from http to https (where possible) can be another way to contribute to achieving 100% of the web traffic encrypted.

frankzen超过 5 年前

The Federal Government may not like this but this is heading to as it should be. Sometimes the government needs to be saved from itself!

评论 #21422949 未加载

评论 #21423216 未加载

code4tee超过 5 年前

Excellent progress and a great credit to LetsEncrypt and others that brought free cents to the masses. There’s almost no excuse to not encrypt anymore. The “not secure” shaming of non https sites by major browsers also applied some needed peer pressure.

rb808超过 5 年前

Does this include Netflix traffic? Which would skew the results.

评论 #21422459 未加载

评论 #21422525 未加载

ourcat超过 5 年前

Thank you LetsEncrypt.

ganitarashid超过 5 年前

Thank you Edward Snowden

geometricstripe超过 5 年前

The trend is going in the right direction.

jyutin超过 5 年前

greate!

ksenzee超过 5 年前

I wonder how much of this is due to Cory Doctorow's novel Little Brother.

jancsika超过 5 年前

To the 90%: if you've got nothing to hide then why are you encrypting your traffic?

评论 #21422364 未加载

评论 #21422172 未加载

评论 #21425323 未加载

评论 #21423181 未加载

评论 #21422968 未加载

评论 #21422130 未加载

评论 #21422421 未加载

meche123超过 5 年前

Oh, so finally most of the porn sites are defaulting to https?

ga-vu超过 5 年前

It's been at over 90% for more than a month, from what I can tell

评论 #21422316 未加载

axaxs超过 5 年前

Great. Now nobody can see what you do except companies who sell everything you do...

santojleo超过 5 年前

I’m sorry, but there’s a lot of smart people here. Why is everyone assuming HTTPS means no one is snooping? I presume someone is snooping no matter what.

评论 #21425181 未加载

uxp100超过 5 年前

I know this is good and all, but it does bum me out that Netscape 4.8 works much worse than it did even a few years ago. I prefer it to iCab, which might fair slightly better. Any suggestions for Mac OS 7.6 web browsers that support the minimum encryption required these days?

评论 #21424881 未加载

gscott超过 5 年前

This is good to keep out moderate bad guys from your data. But the not so much for the NSA. The NSA already captures traffic end to end including the key negotiation and can break the rest <a href="https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/" rel="nofollow">https://arstechnica.com/information-technology/2015/10/how-t...</a>

评论 #21424432 未加载

评论 #21424377 未加载

whydoyoucare超过 5 年前

This statement would be more meaningful had it been phrased something like this: "encrypted web traffic, which most adversaries cannot snoop on, exceeds 90%".There will always be an adversary, far powerful than you, with an ability to snoop on your traffic - be it your ISP, the other endpoint, or owners of the infrastructure that you consume, but do not control.

评论 #21423212 未加载