Come New Year’s Day, nearly 40 million people around the world with phones or computers more than 5 years old will be cut off from the newly-encrypted internet.
New measures for internet safety, notably encryption, will be put into effect on January 1, 2016 which includes sites like Google, Facebook and Twitter. But for millions around the world, mostly in the developing world, the new encryption won’t be supported by their old technology, effectively cutting them off from the rest of the world.
Back in October, researchers at the Centrum Wiskunde & Informatica warned that SHA-1 could be easily broken by hackers and cyber criminals. The new measure, SHA-2, will fix the problem, but only for those who have the latest technology capable of supporting SHA-2-encrypted sites.
According to cyber-threat assessment firm Cloudflare, roughly 37 million people around the world will lose access to the internet from their old phones and computers. Matthew Price, the CEO of Cloudflare, told Buzzfeed:
“The problem is that people across the world, most of them in the developing world, use old phones or desktops that don’t update themselves. And they won’t be able to access the internet.”
Facebook’s Chief Security Officer Alex Stamos also commented on the change In a blog post published last week.
“We don’t think it’s right to cut tens of millions of people off from the benefits of the encrypted Internet, particularly because of the continued usage of devices that are known to be incompatible with SHA-256. Many of these older devices are being used in developing countries by people who are new to the Internet, as we learned recently when we rolled out TLS encryption to people using our Free Basics Platform. We should be investing in privacy and security solutions for these people, not making it harder for them to use the Internet safely.”
Facebook has so far suggested their own solution that will allow older browsers to receive both SHA-1 and SHA-2 security certificates which they made public for developers on their Github site.