On the 1st of January 2016, anyone who owns a cell phone that is more than five years old will not be able to use it to access the encrypted web, BuzzFeed News reports. That includes accessing sites like Google, Facebook, and Twitter.
In some developed countries a 5-year-old phone might be treated as an antique, but for some parts of the developing world up to 7% of internet users will be cut off from the world’s most popular sites, according to research recently published by Facebook. You can see which countries will be most affected here.
The Internet cutoff is part of a plan to keep encrypted websites secure. According to Ars Technica, these encrypted sites use SHA-1, a cryptographic algorithm, to protect themselves against hackers. Most of these major sites intended to upgrade their security in January 2017 regardless, but because hacking threats have become more imminent, they are upgrading them sooner. As of Jan. 1, 2016, only SHA-2 certificates will be accepted, which people who have older model phones don't have.
CEO of CloudFlare Matthew Prince conducted a research with Facebook showing as many as 7 percent of the world's Internet users might be affected by this SHA-1 cut-off. "It is important to remember that the Internet is not just guys with the newest laptops and an iPhone 6," he told BuzzFeed. Of course this isn't as big of an issue in the United States as it is in developing countries, Prince elaborated: "We didn't want to be hyperbolic. We wanted to be realistic. For the developing world, on average, 4 to 5 percent of visitors will simply be cut off."
Facebook Chief Security Officer Alex Stamos agrees with Prince about how widespread of an issue this could be. "We don't think it's right to cut tens of millions of people off from the benefits of the encrypted Internet," he wrote in a blog post on Dec. 9. "We should be investing in privacy and security solutions for these people, not making it harder for them to use the Internet safely."
Though Facebook has appealed to the CA/Browser Forum (the group who determines what encryption policies will be used and when) to push back the SHA-1 shutdown, it seems unlikely that will actually happen. A CA/Browser Forum representative told BuzzFeed that while there's a "growing interest" in Facebook's plan, "it will require all the browsers to consent in some way… that includes Google, Microsoft, Apple, and Mozilla."
No comments:
Post a Comment