The cost of Web security

Soon The Web Will Be Safer and More Secure, The Cost: Performance & Less Websites

Taking an insight into the current world trend of securer / safer Web and the outcome that may pursue.


The most dominant force on the Internet nowadays – Google, which holds both most popular Web browser and search engine titles, is leading the way towards a safer Web.

In order to reach the desired goal, the road for a more secure Web (and by extent the entire Internet) is going through the encryption route. That is, whenever you connect to a web page (via your Web browser for instance), your connection is being encrypted.

So, when you browse your way around the Web you shall now on increasingly encounter Web pages that uses the prefix HTTPS in their URL address.

See IWF1 as an example, and perhaps even read why IWF1 is using https.

Why Security Unavoidably Detracts Performance

So, without boring you with the various technical details of it, suffice it to say that a website that has an HTTPS address prefix is in fact using a secure connection and the method of security it uses is encryption.

Besides limiting surveillance possibilities, an HTTPS connection also helps prevent various malicious attacks on unsuspecting users, attacks which are commonly categorized under the umbrella term “man-in-the-middle attack”, hence it’s unquestionably more secure than a plain HTTP connection.

However, in order to engage in a secure connection, machines (servers and PCs) therefore have to encrypt and decipher data – the outcome of which is the performance hit mentioned in the title.

To give you an idea of the bigger picture though, the Web has recently started moving to a new HTTP protocol which is faster than its predecessor thus you most likely won’t feel much difference when visiting a website that uses both https in conjunction with the newer HTTP protocol (IWF1 is such website for instance).

Nonetheless, the fact remains that without encryption in its way, every website would simply connect faster, and that’s something you just can’t take away.

Obviously, at this point you may conclude that it’s a well worth price to pay for security, if not an insignificant one altogether.

Without contradicting that notion, I think it’s important to mention that some websites you visit, perhaps even the majority of them, may nevertheless provide no significant value in terms of the information they might contain about you, just as the information about you visiting the supermarket to buy groceries may be in and of itself worthless.

So, the bottom line is that there surely are some cases where adding additional security can be summed up as nothing more than a performance hit – just like you wouldn’t want to go with, say, a bulletproof vest whenever you simply visit the supermarket. Though in other cases, it may be of crucial importance.

Why Security Leads To Less Websites

To give an example of how Google (together with other major players in the field) are pushing the Web towards the security zone, two days ago I’ve reported about how future versions of Google’s Chrome browser will be bolstering its security features.

The article explains how the new features will encourage users to sweepingly prefer visiting HTTPS websites on account of HTTP counterparts, but what isn’t discussed in that article and is very relevant to current case, is that following users’ preference, websites will also start migrating over to HTTPS connection, at least those that are able to afford it.

For years, having an HTTPS (SSL/TLS) certificate acceptable by browser vendors such as Mozilla Firefox, Apple’s Safari, etc… has raised the barrier level of both finance resources and knowledge required to maintain a website that supports HTTPS.

Recently though, that trend started to change with cheaper[1] or even free[2] certificates initiatives showing up, although the knowledge required to install those is still higher than what you’d expect from the average, not necessarily tech-minded, blogger.

But strongly encouraging websites to switch over to HTTPS doesn’t merely ends at the browser level, and at this point it might be important to stress that Google is not alone in this struggle; for example, starting with version 52 Firefox browser is not only labeling websites running on HTTP connection as insecure but also adds a warning message beneath input fields whenever a user starts typing on a page that uses plain HTTP connection.

Firefox 52 new warning message about insecure page

Firefox 52 new warning message about insecure page

So apart from pushing websites to embrace HTTPS at the browsers level, Google also offers a rather significant incentive[3] for websites who use HTTPS connection, that is, through its most widely used product – Google Search – the company offers better rankings for HTTPS Web pages in comparison to their plain HTTP counterparts.

The outcome of all that vigorous encouragement would therefore end up resulting in that website owners as well as potential website owners who wouldn’t manage to cope with the new de facto standards of higher cost and higher knowledge bar (stemming from maintaining a more secure website) – all of these fellows would have to give up their prodigy.

On the other hand, it’ll lead to a more professional Web overall, gradually shifting the force of the Internet from representing the voice of the masses to representing the voice of a bit smaller group. Only the future will tell whether that group will keep diminishing as time progress and more standards may apply or not.

I’m sure many of you would agree that in today’s ‘no-room-for-privacy’ age though, where cameras are used by individuals, businesses and even governments to record on public space and global surveillance is at its peak, the strive towards online security is an invaluable one, even despite it shortcomings.


Add your comment here...