Why Supporting Let’s Encrypt Matters…
…and Why Brave Integrates HTTPS Upgrades
Today Brave is proud to announce its corporate sponsorship of Let’s Encrypt, a free, automated, and open certificate authority (CA). Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG) and is run for the public’s benefit. It gives domain name owners the trusted digital certificates they need to create more secure and privacy-respecting websites – at zero cost.
Those digital certificates enable HTTPS (Hypertext Transfer Protocol Secure) for websites, meaning that connections between the website and the viewer are encrypted, and that the information being viewed is authentic. URLs that begin with “https:” (as opposed to “http:”) tell users that the content cannot be tampered with by malicious intermediaries. Brave shows a locked icon to remind users that the site is secure.
Brave integrates HTTPS Everywhere directly into the browser, and has been doing so since its initial release in January 2016. This feature upgrades website connections to HTTPS, when available, for better user security and privacy. When you’re browsing, you rarely think about what’s under the hood of your browser, but expect that the information you’re viewing won’t lead to attacks or privacy issues. With Brave Shields (accessible by clicking on the lion head in the top right corner, or via Preferences), you’re able to see that HTTPS Everywhere is turned on by default and how many connections are made more secure with HTTPS Upgrades.
The biggest barrier to ubiquitous HTTPS has been the work needed for site owners to deploy and maintain the technology. In the past, HTTPS certificates had to be manually changed every year or so, which was a hassle for site maintainers. Certificates often required payment, which discouraged adoption both in big bureaucratic organizations and for small sites with limited financial means. Let’s Encrypt drastically alters that landscape by providing certificates which automatically update without requiring manual maintenance by a site owner. And because Let’s Encrypt certificates are free, they’re accessible and remove the barrier of even having to exchange payment information. Today, Let’s Encrypt certificates are used for nearly 70 million sites, including all WordPress.com custom domains and thousands of NASA sites.
We’re thrilled to be supporting Let’s Encrypt to reaffirm our joint commitment to a more secure web, as well as to open source technology. Let’s Encrypt is a non-profit that benefits everyone and that anyone can support, so feel free to contribute at the individual level as well!