I have disabled Cloudflare and enabled Let’s Encrypt on amccoll.com.
It’s free, open source, and backed by every big player on the Internet. Big thanks to my host, SiteGround, for implementing a two-click installer so quickly.
I have also loaded a WordPress plugin to enforce https, so as you browse and use my site, make sure you’ve got a little padlock icon like this in the top left corner of your browser at all times.
Https ought not to affect the loading speed of webpages at all – as a notable example, it’s been used on Google, Youtube and Facebook for years now, and if it’s good enough for them, you should trust its speed.
The advantages are clear. A regular http connection can be intercepted by a so-called ‘man-in-the-middle‘, a malicious individual or organisation that routes traffic from your computer first to their servers, logs details of each packet of traffic, then sends it on to my webserver. At a later date, or in a particularly advanced system in real-time, details of exactly what’s been sent and received can be read.
An http connection can’t monitor or know that interceptions like this have taken place, primarily because the protocol was built first and foremost to be lightweight and fast. The more checks it does, the slower it’s going to fetch the webpage for you. This is also because some data almost always needs to sent to other servers for a variety of reasons. This is information like the country you’re connecting from, and the physical location of my webserver, to calculate how to best route traffic around the world. Dedicated servers globally are also used to translate text-based web addresses into numeric codes – DNS servers.
Https doesn’t change this basic mode of operation. Certain vital, impersonal data can be sent where it’s needed, but importantly, everything you see within the 4 corners of this webpage has been encrypted before it left your computer and can only be decrypted and read after it reaches my webserver, or indeed visa-versa. If a man-in-the-middle were to request what had been sent and received between us they could still get hold of it, but in an encrypted format (TLS 1.2) that in current conditions ought to be impossible for them decrypt.
Clearly this is of paramount importance for activities like online banking, shopping, legal matters, photos of your private parts and so on…
However, just using my minor website you may decide to log into your WordPress account in order to comment – your username and password could be snooped on. You might enter your email address to subscribe to blog updates – a billionaire in Nigera would like to talk to you.
I think that the advent of Let’s Encrypt is of particular importance to websites having anything to do with China. The Chinese government is known certainly to route all traffic in and out of it’s geographic borders through it’s own webservers and monitor unencrypted connections; the so-called ‘Great Firewall of China‘. It may also be providing this service to other countries. In fact, it has on occasions, accidentally or deliberately, routed all global web traffic through it’s servers.
The Chinese government probably wouldn’t be that interested in your WordPress login details, unless what you wrote in the comment section would be considered a criminal activity in the Peoples’ Republic. When renting a broadband line or using an Internet cafe in China, there is a legal requirement for real-name and ID card number registration.
Chinese netizens definitely shouldn’t be posting antagonistic viewpoints, sharing contact details, suggesting public protests or covert religious worship over unencrypted connections. There’s a very high chance that those activities could end in a visit from the state security apparatus.
For all visitors, enjoy your new, security enhanced experience of amccoll.com.