Let's Encrypt Reviews

What is Let's Encrypt? It's a necessary development for online privacy - all website owners take note!

about Let's Encrypt and HTTPS Everywhere, SiteGround · · Helpful Not helpful 4 Helpful

When you connect to a website, you either do it by http or https. The 's' in the second case stands for 'secure'. It means that the data traveling between your computer and the website (in both directions) is encrypted. That in turn means people in between your computer and the website's server (e.g. your internet service provider, hackers, federal investigators and others) can't see what the data is, only how much of it there is and which points it's traveling between. Therefore https connections improve your security and privacy online. It is for this reason that they are used to connect you to banking websites, most webmail providers, Facebook, Wikipedia, paypal and many, many other websites. To check if the connection is https, rather than only http, look to the left of the address in your browser. You should see a green padlock symbol.

To connect via https to the website you visit that website needs to have a verifiable, trusted certificate showing that the https connection is genuine and trustworthy. Traditionally, there are trusted companies that offer such certificates and website owners would have to pay these companies to get these certificates issued. VeriSign and Comodo are two examples. So, for example, if you have a website hosted with, say, GoDaddy or SiteGround or BlueHost or similar, that company would charge you money to organize a certificate for you via Comodo or Verisign or a similar certificate issuer.

In the wake of the Snowden revelations, people became much more aware that internet traffic was being recorded on a mass scale by the National Security Agency, GCHQ and other intelligence agencies. In some cases, this hit hard several popular services, most notably Yahoo, whose unencrypted traffic between its servers was easily hoovered up and analyzed. A campaign arose with the objective to make every connection https by default. Part of the difficulty was the prohibitive cost.

Let's Encrypt is a way of doing this for free. Using Let's Encrypt a website owner can organize for his/her website a certificate that allows https connections for free. That's because the code behind Let's Encrypt comes from an open-source community effort supported by the "good guys" of the internet, including the Electronic Frontier Foundation, Mozilla, and others. Some website hosting services now offer to enable Let's Encrypt on their customers' websites, SiteGround being a prominent example. This despite the fact that SiteGround used to charge people for the expensive option in years gone by. That's very good for online security.

If you own a website, contact your web host company and ask them to set up Let's Encrypt for you. It should be free and quick. Ask them to do it in such a way that only https connections are possible.

Let's Encrypt is an excellent and necessary development. It means there are no longer any excuses for website owners to provide insecure connections for their visitors.

A related project to maximize https across the internet is the excellent browser plugin from the Electronic Frontier Foundation, HTTPS Everywhere. If you have this on your browser, it will always attempt https connections if they are possible, which minimizes the chances that your internet traffic will be snooped on.

It's worth noting that there is evidence - also from the Snowden leaks - that 1024 bit prime numbers are of insufficient strength to resist NSA cracking attempts. VPNs and other services should use longer key sizes.