Popular encrypted websites like Facebook and Google will be blocked come Jan. 1 to anyone with a cellphone that’s more than five years old, according to the head of a web performance and security company.
About 1.69 per cent of Internet users are on devices that use an outdated security algorithm — and while that may not sound like a lot, that’s more than 37 million people, according to a blog by CloudFlare CEO Matthew Prince.
“In a Silicon Valley tech company, where most employees get a new laptop every year and having a 5-year-old phone is unheard of, this may not seem like a problem,” Prince wrote. “But the Internet is used by billions of people around the world and most of them don’t have the latest technology.”
More than six per cent of Internet users in China are expected to lose access to the encrypted web. (Getty Images)
The tech industry is transitioning to a stronger security model with an algorithm called SHA-256, which works on more than 98 per cent of browsers.
Devices that are on an older algorithm, SHA-1, will be cut off from all encrypted sites on Dec. 31, 2015.
Generally, this is a good thing, said Price. If hackers can forge security certificates, they could impersonate a real site and intercept its traffic, he explained. But for some Internet users in developing countries, this will change everything.
“Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war torn countries in the world.”
The country most affected will be China, where more than 6 per cent of all users will lose access. Cameroon, Sudan, Yemen, and Egypt also have high rates of users who will be affected.
“Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war torn countries in the world,” Price wrote.
Facebook’s chief security officer, Alex Stamos, posted a public note urging the tech world to look into other alternatives. “We should be investing in privacy and security solutions for these people, not making it harder for them to use the Internet safely.”
“We hope that we can find a way forward that promoted the strongest encryption technologies without leaving behind those who are unable to afford the latest and greatest devices.”
We at Facebook believe that there is a better way to sunset SHA-1 while reducing harm to vulnerable populations. https://t.co/7sLcLqmpWV
— Alex Stamos (@alexstamos) December 9, 2015