Let’s Encrypt: Making the Web safer

Behind an easy new tool is a big ambition to encrypt the entire Web's traffic.

Josh Aas imagined an Internet where every site uses HTTPS, better protecting users from sneaky malware, invasive marketing and surveillance. He worked with a group of co-founders from Mozilla, EFF, the University of Michigan and other industry partners to launch Let’s Encrypt. Since it’s launch in December 2015, Let’s Encrypt has helped add encryption to around 24 million websites.

The goal of Let’s Encrypt is to lower the technical and financial barriers of access to security technology. The secure, encrypted connections that Let’s Encrypt enables have long been the norm for banking and e-commerce, but were previously not considered necessary for other websites and could cost up to hundreds of dollars a year. Let’s Encrypt has now made it possible for a website to obtain and maintain the requisite HTTPS certificate free of charge, and with just a few clicks.

Let’s Encrypt’s logo is modeled after the padlock in your browser’s address bar.

“People need to understand that the network is evil and wants to attack you,” says J. Alex Halderman, director of the Center for Computer Security and Society and board member of the Internet Security Research Group (ISRG) the non-profit that runs Let’s Encrypt. “That’s how we should think about unencrypted traffic passing through the Internet. The only way we can safeguard ourselves and protect our privacy is by using encryption. The era of innocence for Internet traffic has to be over today.”

It appears that site hosts and users are catching up to this reality. In just one year, HTTPS page loads on the Web have increased from 38.5% to 49.5% according to Firefox counts from December 2016. Much of this progress can be attributed to the ease of use of Let’s Encrypt, paired with large-scale deployments by Web hosting and cloud service companies.

The goal of Let’s Encrypt isn’t to have a monopoly on Web encryption, but to improve standards and tools that anyone can use to make encryption the default for all Web traffic. Major Internet forces, corporate and non-profit, are pulling together to see this happen.