Google and the large technology companies worldwide have achieved that practically all the current websites use HTTPS. Thanks to this, the connections we make with them are completely encrypted, and our data travels between our devices and the servers where the websites are hosted in a secure manner.
Not all government websites use HTTPS
That one web have HTTPS It does not mean that it is secure, since that website may be under the control of a cybercriminal, and that the data we give them ends up in their hands to carry out illegal activities. However, if a website does not have HTTPS, then we can determine that it is not secure under any circumstances.
When a website is secure, in its URL we find that it begins with HTTPS. Currently this is seen more quickly if the page has a closed padlock to the left of the URL when we enter it in the address bar of the browser. If we click, we can see if the connection is secure, as well as check what certificate the web uses.
Unfortunately, institutional websites have a long way to go. As stated by the #websegura project of PucelaBits, only the 3% of institutional web pages Spanish meets a correct minimum configuration to avoid attacks. To determine if a website is secure or not, they have used Mozilla Observatory’s analysis service, which offers grades from A + (the best) to F (the worst). Only websites that receive an A or B rating are considered safe. The rest, have security deficiencies, and some even do not have HTTPS, or have certificate problems, which may be expired or have been revoked, hence the error.
Only 3% of the 776 analyzed are safe
Thus, of the 776 websites of Spanish institutions analyzed, only 3% had a good security configuration. An example is found in the website of the Ministry of Industry, Commerce and Tourism, which, although it uses a certificate and has HTTPS on the web, there are contents of it that are not served via HTTPS.
This may be the case for some images. If we analyze the source code of the page, we can see that there is 103 links with HTTPS, but in return we find 41 HTTP results, including links to tweets. Therefore, it is a matter of fixing those links, and thus browsers like Firefox would not show the web as unsafe.
According to Maldita, the Government is working so that all government domains become secure and use HTTPS extensively. To do this, not only do you have to acquire the certificate, but you have to adapt the services used on each website, and some may be too old and not compatible with encryption or current security standards. In turn, there is no one source of certificates that is used in a homogeneous way in all portals, since there are those who use certificates from the FNMT, GlobalSign or DigiCert.