People have started taking Edward Snowden’s advice on using Web encryption to shield their movements online, according to a new study. After the former U.S. National Security Agency contractor leaked documents on the government’s surveillance programs, encrypted web traffic has more than doubled worldwide.
In March, Snowden told a room full of tech industry workers at the SXSW Interactive conference that the only way people can protect themselves from government surveillance was to use Web encryption. He said that the United States didn’t even know all the documents he had because “encryption works.” And it looks like people worldwide are heeding that advice.
According to a recent study by broadband network equipment company Sandvine, Americans started using encryption over 60 percent more often after the NSA leaks, using SSL for nearly 4 percent of all peak Internet traffic. But Web users in Europe and Latin America bested Americans’ privacy efforts by encrypting websites three- and five-times more than before, respectively.
The uptick in encryption use aligns with growing public concern for privacy online and elsewhere. In recent years, almost all Web users have taken steps to minimize their digital footprints, such as clearing their browser history and cookies. But encryption adoption is still low, with only 14 percent of American Web users saying that they’ve encrypted their communications, according to a Pew study published in September.
Another possible contributor to the surge in encryption use could be from changes in the tech industry. Internet companies such as Google and Facebook have been automatically turning on encryption for their sites. Google recently announced that it would begin encrypting all Chinese Web traffic as part of its global encryption project. The move would cripple the country’s infamous censorship program, as well as those in Saudi Arabia and Vietnam, by blocking government’s ability to home in on users searching for banned terms or content.
Encryption makes it so that any one “listening in” on a user’s online activity can only see the website’s domain name, not the exact page. Encryption can be enabled simply by manually typing “https” instead of “http” before the web address on any website that supports it, but it’s often not a default setting. Microsoft, Yahoo and Facebook all started using default encryption for email and messages in response to the NSA leaks.
The study also comes on the heels of the Heartbleed bug discovered in April that left thousands of encrypted websites — up to 70 percent worldwide — vulnerable to hackers. The flaw, which the NSA exploited, was a part of the encryption coding that shields online traffic and went undiscovered for two years exposing millions of passwords, credit card and other personal information. Yet even after people heard about the Heartbleed bug, only 61 percent took action and changed their passwords, suggesting there is still more work to be done to convince people to protect their information.
An earlier version of this article said any website could be encrypted by manually entering in “https” before the web address. That encryption method works only if the website supports it. If the website doesn’t support “https” there’s no way a user can enable encryption.