Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The Web’s fundamental protocol hasn’t been updated since 1999. There really wasn’t any need to change the way the Internet worked until we realized how vast and deep Internet surveillance really goes. For the Web’s 22nd birthday, it may just get a makeover that gives users an equal share of power to encrypt at will.
Inherent Internet Freedoms and Privacy Challenged
People experienced a revolution in communications when the Internet was first opened to the public. But this day also marked a great leap towards freedom of information. This ability to share and find information from oceans away had been the goal of many for decades before. But after two decades of enjoying the Internet, we find these freedoms challenged.
For years, websites have held the power and responsibility to encrypt data for the protection of all on the Web. But the degree of government spying and data mining has left many webmasters impotent. They are now at the mercy of government agencies. Our privacy when surfing the world wide web has been violated. And we lack the power to fully protect ourselves from such invasive and unwarranted snooping. We have tools like VPNs at our disposal to secure our online activities. But the Internet needs to evolve to give us back the freedom we once had to surf the Web without worry.
The HTTP 2.0 Makeover
The Internet Engineering Task Force (IETF) is a group of top class engineers who create and recommend standards for Internet functions. They gave birth to HTTP, which is the way that web browsers and web servers communicate with each other. In view of recent events, the IETF are considering a revamp to the web’s fundamental protocol. The proposed HTTP 2.0 was talked over by a group from IETF in Berlin. Internet surveillance was one of the major issues that influenced discussions on HTTP 2.0 design. They pointed out that pervasive Internet snooping has become a real and present danger to Internet users. They concluded that the Internet must therefore evolve. The new Internet must give users the level of security they need to fare well in the online world.
The IETF discussions on HTTP 2.0 revolved around encryption. Encryption is the main tool that can protect users from unwanted surveillance that can lead to privacy breaches and online theft. Any data sent over the Internet that isn’t encrypted can be intercepted and read. So every breach begins with who holds, or lets go of, the power to encrypt.
In 1999, the IETF upgraded to HTTP 1.1. Encryption capabilities on this Internet protocol rested with the webmasters. And whoever controlled the websites made the final decisions on what will and will not be encrypted. Most web pages are not encrypted because encrypted HTTP, or HTTPS, takes more computing power than regular HTTP. It is slower because of this load, and requires more complicated setups as well. Some companies cannot be bothered, and others cannot manage the load.
Encryption is at the Root of Online Protection
For the most part, encryption is only necessary for web pages that handle sensitive data like credit card numbers and passwords. This may fend of the more common Internet stalkers and thieves. But when we are faced with hard-core spying, it does little to protect website users.
Conscientious business owners may choose to protect consumer data with encryption. But pressured today to comply with government requests, they are not left with good choices. Some online services who refused to cooperate with such requests have been threatened with fines and even jail time. A few of these have opted to shut down rather than give their users away. Most, sadly, have not acted so honorably.
How the Internet Will Work on HTTP 2.0
The IETF has determined that to combat the current surveillance threat, encryption power should be granted to the Internet user. With HTTP 2.0, no longer will websites hold all the power to encrypt data. Users and webmasters will share equal encryption capabilities. Either the website or the user can require that encryption be used. This will ensure that users have the power to protect themselves the same way that websites can.
With HTTP 2.0, all websites will be required to offer encryption to users. And all users will have the power to demand encryption at any time, on any web page. This is a core change to the way browsers and websites interact. It secures all user data transmitted via the Internet. The catch is that it cannot guarantee the security and privacy of the information once it reaches its recipient. Websites that have user data are still in control over if, when, and how it is stored and shared.
The HTTP 2.0 design is slated to be finished at the end of 2014. Users cannot expect to get a taste of it until then. And even then the IETF may still be working out some technical details. It could easily be another half decade or more until HTTP 2.0 is implemented on a global scale. And many browsers and websites will retain the option to revert to the comfortable HTTP 1.1 for decades longer.
Trust Issues Remain
HTTP 2.0 can secure user traffic, but it cannot do anything about how websites deal with user data. It still comes down to trusting the website that you are transacting with. And it still comes down to how they choose to respond to the same data security and data privacy issues we are now facing. It still falls to users to be cautious about the online services they deal with. Users will still have to take responsibility for making sure that they do not share their data with companies that do not respect their privacy and security. But on the up side, online services will have to view user privacy with far greater respect than they have thus far. It is likely that the competition will rest on who provides the best privacy features. The hope is that websites will then practice what they preach, and not follow in the footsteps of the Internet giants who offer HTTPS widely on their websites but sneak data out the back door.