For 37 million users across the globe, portions of the Internet will no longer exist on Friday.
January 1, 2016 marks the day that Secure Hash Algorithm 1 (SHA-1) will cease to provide users with an encrypted connection. For 98.31% of the population online, browsers will default to SHA-2 and life will continue as usual. For everyone else, the encrypted Internet is about to look like this:
As
CloudFlare pointed out, 1.69% of the Internet population may not sound like a lot, but these nearly 40 million users are clustered in areas of the world already operating at a disadvantage: “Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world. In other words, after Dec. 31, most of the encrypted Web will be cut off from the most vulnerable populations of Internet users who need encryption the most. And, unfortunately, if we’re going to bring the next 2 billion Internet users online, a lot of them are going to be doing so on secondhand Android phones, so this problem isn’t going away anytime soon.”
The unlucky 37 million are largely found in Africa, Asia, Latin America and the Middle East and typically aren’t carrying the latest technology in their back pockets. (Beware, users of Windows XP before Service Pack 3, Android before Gingerbread and pretty much any phone more than five years old.) A CloudFlare report listed the 25 countries most affected by the change: approximately 1 of every 20 browsers will be unable to support SHA-2 in Cameroon, Yemen, Sudan, Egypt, Libya, Ivory Coast and Nepal; other countries significantly affected include China, Ghana, Nigeria, Ethiopia, Iran, Tanzania, Syria, Paraguay, Angola, Kenya, Algeria, Bahrain, Nicaragua, Myanmar, Senegal, Bangladesh, Venezuela and Pakistan.
It’s undeniable that the shift away from SHA-1 will negatively affect the very users who have long been the Internet’s second class citizens, but the alternative leaves little to be desired. The decision to migrate away from 20-year-old SHA-1 is rooted in insecurity, as the algorithm is widely understood to be increasingly easy to break.
Such is the Internet for the poor, repressed and war-torn—at best, insecure and at worst, nonexistent. As efforts continue to bring the next 2 billion online, users must keep in mind that their security ultimately remains in their own hands, and also that the planet is far from a being a net neutral place. When SHA-1 appeared in 1995, it was widely supported across all browsers; twenty years later, SHA-2 does not come with the same universality. In an era in which the desire to advance technology has outpaced the desire to meet the needs of all users, no one should take whatever Internet connection or security they have for granted.
Want to know more about the current state of an encrypted, net neutral Internet? Read on!