Internet Archive, fearful of spying, boosts its encryption

The nonprofit site will keep less user data and adopt the secure HTTPS protocol by default

The Internet Archive will use the secure HTTPS protocol by default for its readers.

The Internet Archive will use the secure HTTPS protocol by default for its readers.

The Internet Archive, the online repository of millions of digitized books, wants to shield its readers from other's prying eyes -- like the government's.

On Thursday night the nonprofit announced new privacy protections to make it more difficult to see users' reading behavior on the site, by implementing the encrypted Web protocol standard HTTPS and making it the default. Most users will soon be using the secure protocol, which is designed to protect against eavesdropping and what are called "man-in-the-middle attacks," the group said. The protections were announced during an event at the organization's headquarters in San Francisco.

Recent revelations over government surveillance and National Security Agency programs like Prism were a major driver behind the changes. "Based on the revelations of bulk interception of web traffic as it goes over the Internet, we are now protecting the reading behavior as it transits over the Internet by encrypting the reader's choices of webpages all the way from their browser to our website," the group said in a Friday blog post, pointing to NSA's "XKeyscore" tool in particular.

The XKeyscore tool, for instance, lets NSA analysts search through vast numbers of emails, online chats and browsing histories without prior authorization, reports have said.

The Internet Archive also made changes to make it harder to reconstruct users' behavior on the site, by encrypting the Internet Protocol addresses stored on the servers for and The group modified the servers so that they would encrypt users' IP addresses with a key that changes each day. The approach, the group said, will allow them to know how many people have used their services, but not who they are or where they are coming from. The Internet Archive claims to have more than 3 million daily users.

Users of the Wayback Machine, which lets people see previous versions of certain sites across the Internet, will also start to see the secure HTTPS version by default.

Web servers typically record IP addresses in their logs, which leaves a record to reconstruct who looked at what, but the Internet Archive has been trying to avoid keeping users' IP addresses for the past several years, the group said.

With help from more than 15 million users and 850 contributing libraries, there are more than 5 million ebooks freely available on and 2 million ebooks on, according to the Internet Archive site.

The Internet Archive also announced several other initiatives, like fixing broken URL links it has archived, and a database of U.S. television news programs.

For the nostalgic, there is also a Historical Software Archive, which will let software from a bygone era, like from Apple's II computer, run in modern browsers.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesantispamonline safetysecurityinternet archiveAccess control and authenticationIdentity fraud / theftinternetdata protectionprivacy

More about AppleNational Security AgencyNSAPrism

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Zach Miners

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts