Why Supporting Let’s Encrypt Matters…
…and Why Brave Integrates HTTPS Upgrades
Today Brave is proud to announce its corporate sponsorship of Let’s Encrypt, a free, automated, and open certificate authority (CA). Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG) and is run for the public’s benefit. It gives domain name owners the trusted digital certificates they need to create more secure and privacy-respecting websites – at zero cost.
Those digital certificates enable HTTPS (Hypertext Transfer Protocol Secure) for websites, meaning that connections between the website and the viewer are encrypted, and that the information being viewed is authentic. URLs that begin with “https:” (as opposed to “http:”) tell users that the content cannot be tampered with by malicious intermediaries. Brave shows a locked icon to remind users that the site is secure.
HTTPS is a powerful technology which supports and empowers an open web. When users are sure that they are securely connected to a site, they can use that site with confidence. Many of the most powerful web technologies — ones which let sites feel and act more like native apps — depend on secure connections. The more widespread HTTPS is, the easier it is for browsers to enforce strong security guarantees for all sites. In an ideal web, all sites are available over secure HTTPS connections.
Brave integrates HTTPS Everywhere directly into the browser, and has been doing so since its initial release in January 2016. This feature upgrades website connections to HTTPS, when available, for better user security and privacy. When you’re browsing, you rarely think about what’s under the hood of your browser, but expect that the information you’re viewing won’t lead to attacks or privacy issues. With Brave Shields (accessible by clicking on the lion head in the top right corner, or via Preferences), you’re able to see that HTTPS Everywhere is turned on by default and how many connections are made more secure with HTTPS Upgrades.
“As a browser vendor, Brave wants as many websites as possible to be secure and private. We integrate HTTPS Everywhere to upgrade website connections to HTTPS, but this is possible only if the website owner deploys HTTPS on their site. Because Let’s Encrypt is free and easy to use, it has vastly increased the percentage of domains using HTTPS,” said Yan Zhu, Brave’s Chief Information Security Officer, who previously helped build Let’s Encrypt.
The biggest barrier to ubiquitous HTTPS has been the work needed for site owners to deploy and maintain the technology. In the past, HTTPS certificates had to be manually changed every year or so, which was a hassle for site maintainers. Certificates often required payment, which discouraged adoption both in big bureaucratic organizations and for small sites with limited financial means. Let’s Encrypt drastically alters that landscape by providing certificates which automatically update without requiring manual maintenance by a site owner. And because Let’s Encrypt certificates are free, they’re accessible and remove the barrier of even having to exchange payment information. Today, Let’s Encrypt certificates are used for nearly 70 million sites, including all WordPress.com custom domains and thousands of NASA sites.
We’re thrilled to be supporting Let’s Encrypt to reaffirm our joint commitment to a more secure web, as well as to open source technology. Let’s Encrypt is a non-profit that benefits everyone and that anyone can support, so feel free to contribute at the individual level as well!
The new Brave browser blocks the ads and trackers that slow you down, chew up your bandwidth, and invade your privacy. Brave even lets you contribute to your favorite creators automatically.