Tens of millions of mobile Internet users could be cut off from the World Wide Web after an upcoming update goes through next year.
Facebook and web security firm CloudFlare are warning of the impending update, which will shutter the aging SHA-1 algorithm and replace it with a more secure one.
Alex Stamos, Facebook’s chief security officer, wrote in a recent post that the update will affect three to seven percent of the world’s mobile Internet users, “meaning that tens of millions of people will not be able to securely use the Internet after December 31st.”
CloudFlare says that millions of users in developing countries such as China, Yemen, and Ghana will be left without Internet access unless something changes.
Although 98.31 percent of the browsers are compatible with the update, the 1.69 percent that are not represent tens of millions of people.
The updated algorithm promises better security, since the SHA-1 algorithm was declared earlier this year as no longer safe by researchers.
As of midnight on January 1, the SHA-2 certificates will be put into place.
“What the folks on the CA/Browser Forum say is that we should force people to move into the future, and that is a compelling argument. But we were studying what the potential effects of this were… and the problem is that people across the world, most of them in the developing world, use old phones or desktops that don’t update themselves, and they won’t be able to access the internet,” Matthew Prince, CEO of CloudFlare, told BuzzFeed.
“We didn’t want to be hyperbolic. We wanted to be realistic. For the developing world, on average, 4 to 5% of visitors will simply be cut off.”
As an example, Mozilla says that its downloads decreased by about 1 million when they updated early to the SHA-2 certificate.
“A lot of the world is still running old browsers and come to our website to get Firefox […] [s]witching to SHA-2 will kill 5% of out downloads and that has a direct impact on ongoing Firefox usage unless we have a better solution to deal with legacy browsers,” wrote Chris More, web production manager for the company, in a blog post.
A Potential solution has been offered by CloudFlare, which has developed technology that would automatically send most users to the updated algorithm but those with older phones to SHA-1. Facebook supports the fallback on many of their sites.
The group in charge of the move, the CA/Browser Forum, said it’s interested in the solution and is working on bringing officials from the top browsers on board.
“There is a growing interest in Facebook’s proposal, but it will require all the browsers to consent in some way… that includes Google, Microsoft, Apple, and Mozilla,” said Jeremy Rowley, a representative of the group.