Dan Phiffer Dan Phiffer builds websites, makes art, and teaches in NYC

On Encryption and

Nadim Kobeissi, maker of and Minilock:

The premise driving the people writing encryption software is not exactly that we’re giving people new rights or taking some away: it’s the hope that we can enforce existing rights using algorithms that guarantee your ability to free speech, to a reasonable expectation of privacy in your daily life. When you make a credit card payment or log into Facebook, you’re using the same fundamental encryption that, in another continent, an activist could be using to organize a protest against a failed regime.

In a way, we’re implementing a fundamental technological advancement not dissimilar from the invention of cars or airplanes. Ford and Toyota build automobiles so that the entire world can have access to faster transportation and a better quality of life. If a terrorist is suspected of using a Toyota as a car bomb, it’s not reasonable to expect Toyota to start screening who it sells cars to, or to stop selling cars altogether.

Link via Matthias Bruggmann

Let’s Encrypt (updated)

Update: since this was written, the letsencrypt-auto script has improved significantly. When I tried it again today (December 8, 2015), the process was basically just cloning the GitHub repo and running ./letsencrypt-auto. I’ll leave the original (outdated) information here for posterity.

As of today is being served using SSL encryption thanks to a free certificate from Let’s Encrypt. It’s a recently launched service, sponsored by Mozilla and the Electronic Frontier Foundation (among others), intended to make HTTPS encryption ubiquitous on the web.

Hooray for [Let's Encrypt!](
Hooray for Let’s Encrypt!

Let’s Encrypt is very new, and there are still some rough edges, but overall I’m impressed by how smoothly the process went. I wanted to document my experience, in case it’s helpful to others (and future-me). This post is a bit more technical than usual and, because the service is new, much of it may not be relevant very long into the future. That said, I hope this might offer some clues for folks trying to get up and running on HTTPS.