Fictional E Corp offices in Mr. Robot
Developers can be sure that rollbacks on internet privacy regulations won’t have clients clamoring to request that their user data is *easier* to track - more likely the opposite, particularly as Google continues to prioritize secure sites in search results. As user awareness about privacy increases, the demand for security from the client side, even for non-transactional or password protected content, will become more common.
User privacy is an important subject and there are numerous strategies to secure internet data ranging from basic user behavior (i.e. password maintenance) to potentially complex tools (i.e. VPNs). However, a few key practices will go a long way toward assuring clients, users, and search engines that data is secure.
Verifying site security will soon be fully baked into the user experience of internet browsing. Browsers are beginning to more clearly signal to visitors when a site is not encrypted - sometimes flashing a warning before sending sensitive information through an insecure page. As users recognize the risks associated with unencrypted sites, the demand for developers to follow strong security practices will grow.
As a matter of practice, sites should provide a security certificate that confirms the identity of the server and the type of encryption being used. Earthlings like the tools provided by Let's Encrypt, which allows for free and easy certification creation, validation, signing, installation, and renewal. Making the process of securing sites more accessible is a goal we support.
Unlike transport layer security (TLS), there is not usually an obvious signal to a user when a site’s content management system (CMS) is out of date. Client administrators will see a warning in the dashboard, but these warnings can be overlooked, putting greater responsibility on site developers to be vigilant about maintenance and security.
Performing regular CMS updates and choosing plugins from trusted sources is as essential as transport layer security. Earthling developer Bekee Gibson reminds us to “mind our Ps and Qs” - Plugins and Quarterly updates, and you’ll be in good shape.
It appears as though policies regulating the internet are moving toward favoring ISP demand for data over user privacy, but relying on regulations to protect users would be naive under any circumstances. Since the regulatory environment is often inconsistent with the actual experience of the internet, it is critical for developers to support the security and privacy goals of clients and their users. From the huge range of options available for site protection, basic trustworthy encryption and regular site maintenance should be the minimum security measures applied to professionally built websites.