December 11th 2015
Users of some old web browsers are advised to upgrade to a newer version in advance of the impending withdrawal of a key security algorithm … used in many security measures to guarantee identity and conceal individuals' internet usage. We should add that the vast majority are located in third-world countries, but some will exist in the UK.
The warning comes from Facebook's Chief Security Officer in a blog post. Alex Stamos wrote: "We don't think it's right to cut tens of millions of people off from the benefits of the encrypted internet."
The SHA-1 algorithm will stop being supported by web browsing programs next year and its replacement, SHA-2, will be incompatible with older browsers. Stamos says that many of the estimated 3% to 7% of the browsers affected, live in regions where web use is closely monitored.
The internet security firm Cloudflare has drawn up a list of countries where the older browsers are still in the most popular usage. Its co-founder Matthew Prince wrote: "Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world. In other words, after 31 December most of the encrypted web will be cut off from the most vulnerable populations of internet users who need encryption the most."
Modern browsers that are updated to their most recent version will support SHA-2.
Both Facebook and Cloudflare are lobbying for changes to the way that browsers handle SHA-1 after its withdrawal, suggesting that it could still be used for those using a browser unable to use the updated SHA-2 algorithm.