Today's servers are a lot faster. Google estimates that using SSL encryption only increases the load on its servers by about 1 percent. So a lack of computing power isn't a good excuse for not using SSL. A lot more websites use the technology today than did a decade ago. Yet there are still a lot of websites that don't use it.
This is why a new announcement from Mozilla is such a big deal. The nonprofit company behind the popular Firefox web browser has decided that the lack of SSL will be treated as a security flaw.
Mozilla is planning to back this determination up with some concrete actions — in the future, non-SSL websites won't have access to security-sensitive features such as your camera.
But the move is also significant from a rhetorical point of view. Until now, SSL has generally been seen as an optional feature — something that's nice to have but not essential if you're not running a bank or e-commerce site. Mozilla is hoping to change the conversation, describing sites that don't support SSL as defective.
And there's good reason to think this will work. Google, the company behind the industry-leading Chrome browser, is a big SSL supporter. Google is considering taking a similar step with Chrome, and has already started downgrading non-SSL sites in search results.
Ultimately, this is good news for users everywhere. SSL doesn't just protect users from snooping, it also safeguards the integrity of websites, preventing intermediaries from hijacking pages for their own purposes. And with luck, we could soon live in a world where almost every website uses the technology.
