First it was Mozilla, and now Google is the latest to confirm that encryption is inching closer toward becoming a standard building block for websites and web applications.
Google reported yesterday that more than half of pages loaded on desktop versions of the Chrome browser are being done so over HTTPS.
“Secure web browsing through HTTPS is becoming the norm,” Google said in its Transparency Report, which for the first time now includes HTTPS usage statistics.
Two weeks ago, telemetry from Mozilla showed that for the first time since it began monitoring that half of all traffic in transit is encrypted. The number is a 10 percent jump from December 2015.
The rise is due in part to the explosion of free Certificate Authorities and SSL certificate services such as those offered by Let’s Encrypt, Cloudflare, Amazon, WordPress and others.
Google tracks HTTPS loads across platforms, and regionally worldwide. As of Oct. 31, Google said, 53 percent of pageloads on Windows systems using Chrome were done over HTTPS; Linux systems were at 57 percent, Mac at 62 percent and Chrome OS at 68 percent. Lagging behind was Android at 42 percent, Google said, but that number is up from 29 percent in March 2015.
“As the remainder of the web transitions to HTTPS, we’ll continue working to ensure that migrating to HTTPS is a no-brainer, providing business benefit beyond increased security,” wrote Adrienne Porter Felt and Emily Schechter of the Chrome Security Team.
Google rewards HTTPS websites with favorable search rankings over non-encrypted pages, hoping to entice and speed up that transition to an encrypted web. Google’s researchers also pointed out that ad traffic served over HTTPS is also going up, and that ads from Google sources such as AdWords, AdSense and others support HTTPS, and that ads sold directly through third-party ad networks must “HTTPS-friendly,” Google said.
To support that movement, Google’s numbers point out that users apparently spend more time on HTTPS pages, 69 percent and 70 percent more time respectively for Windows and Mac users.
Geographically, the U.S. leads the way in HTTPS usage (59 percent) on Windows, with Turkey, Russia, Mexico and others hovering at just more than 50 percent. Japan’s growth, however, is much slower, just 35 percent as of Monday’s numbers.
As for the role of free SSL providers, Let’s Encrypt seems to be at the forefront, adding one million certificates in one week recently, and close to 7 million this year with more large hosting providers ready to switch over soon, said Josh Aas, executive director of the Internet Security Research Group.
“I just love to think about how much data we’re talking about,” Aas recently told Threatpost. “The reality on the ground is there’s a whole bunch of data that’s encrypted now that wouldn’t have been before. Going from 40 percent (39.5 percent when Let’s Encrypt entered its public beta last December) to 50 percent is a massive amount. It’s hard to imagine what 10 percent of daily transfer on the Internet is like.”
