Much of the Internet that you visit every day is encrypted. This is by design, in order to keep you safe during your browsing sessions. You can tell that a website has been certified as trustworthy if its URL begins with “https.” If you see this, you know that you are visiting the real version of that website and not a clever fake designed by hackers and thieves to lure you into giving up personal information.
However, on January 1, 2016, millions of people who own older computers and mobile devices may no longer have access to this protection, thanks to upgrades to the technology that verifies secure websites. Though this change is largely believed to have the strongest effect in the developed world where far more people are in possession of older devices there is the possibility that it could affect Internet users in the U.S. as well.
Facebook, CloudFlare discuss end of SHA-1
For years, websites have been protected by a cryptographic hashing algorithm known as SHA-1. Earlier this year, Ars Technica reported that SHA-1 was weak to a particular method of attack and could be compromised within the next three months. The report added that many researchers had known about these security flaws for some time and that plans were in place to abandon the algorithm by 2017. The new threats only served to push that deadline up by a year.
The plan is for the CA/Browser Forum — which is the industry group that determines encryption policy — to stop accepting SHA-1 signatures and move on to SHA-2, which is thought to be more secure. But while this move will benefit most Internet users, it will not be without consequence. Research published jointly by CloudFlare and Facebook found that users with devices more than five years old could have difficulty accessing popular encrypted websites such as Google and Facebook under this new algorithm.
Five years may seem like a long time in the tech world, but it is not unreasonable to imagine that some people are still using devices they bought in 2010.
“It is important to remember that the internet is not just guys with the newest laptops and an iPhone 6,” Matthew Prince, CEO of CloudFlare, recently told BuzzFeed News. Facebook and CloudFlare believe that those in the developing world will be hit the hardest by this change. For example, the study estimates that as many as 7 percent of Internet users could be affected.
The fact is that the security protocols that allow us to surf the Internet without worry must be changed from time to time to ensure their reliability. Those who do not keep up with the changes may find that their personal information is at greater risk.
If you have concerns about online security issues or identity theft, be sure to invest in a credit monitoring service, which can notify you of certain activities that may indicate fraud. Identity Guard also offers a service called Privacy Now that can help give you more control over your privacy online. Privacy Now gives you personalized recommendations to better guard your privacy and minimize your risk of fraud, gives you access to tools to actively monitor and manage threats to your data, and will send you alerts when your level of risk changes.