"This project should boost everyday data protection for almost everyone who uses the Internet," said EFF Technology Projects Director Peter Eckersley. "Right now when you use the Web, many of your communications—your user names, passwords, and browsing histories—are vulnerable to hackers and others. By making it easy, fast, and free for websites to install encryption for their users, we will all be safer online."
Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. Currently there are hundreds of millions of domains that lack this protection.
Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.
Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation. ISRG will work with Mozilla, Cisco Systems Inc., Akamai, EFF, and others to build the much-needed infrastructure for the project and the 2015 launch.