Jamie

First, thanks to Sean McCown and Mladen Prajdic for their assistance with finding & confirming some of the information below.

Encrypting sensitive data (medical, financial, etc) in transit between client and server has been a legal requirement for many years. Websites have been using SSL/TLS certificates (https) to achieve this since the mid-1990s. Beyond enabling data encryption in transit, certificates also provide server authenticity (verifying the server’s identity & ownership to the client) and help protect against man-in-the-middle attacks.

More recently, non-sensitive information has been used to dramatically increase the effectiveness of spear phishing and other social engineering exploits. Additionally, the use of advanced data-mining techniques combined with the increasing availability of Big Data has started to blur the line for determining what is Personally Identifiable Information (PII). This is resulting in users needing to be more aware of what information is ‘private’, along with the source & authenticity of the information that they receive.

Many security and privacy experts have begun recommending a ‘Secure Connections Everywhere’ approach to internet activity. Google also has begun strongly advocating for the use of encrypted connections by marking websites as Secure or Not Secure in the Chrome browser.