TLS or HTTPS everywhere is not necessary the right answer
Since the revelations about the massive surveillance by Edward Snowden, we have observed a strong move towards increasing the utilisation of encryption to protect the end-to-end traffic exchanged by Internet hosts. Various Internet stakeholders have made strong move on recommending strong encryption, e.g. :
- The IETF has confirmed in RFC 7258 that pervasive monitoring is an attack and needs to be countered
- The EFF has promoted the utilisation of HTTPS through the HTTPS-everywhere campaign and browser extension
- The Let’s Encrypt campaign prepares a new certification authority to ease the utilisation of TLS
- Mozilla has announced plans to deprecate non-secure HTTP
- Most large web companies have announced plans to encrypt traffic between their datacenters
- …
Pervasive monitoring is not desirable and researchers should aim at finding solutions, but encrypting everything is not necessarily the best solution. As an Internet user, I am also very concerned by the massive surveillance that is conducted by various commercial companies.