The Bitly URL shortening service serves about 12 billion clicks a month, helping users with shorter links get to the places online that they want to go. Starting today, some of those links will be more secure as a result of the use of Transport Layer Security (TLS) by way of the Let's Encrypt effort.
Let's Encrypt provides free TLS certificates that enable encrypted, secured HTTPS traffic over the Internet. The Let's Encrypt project is a Linux Foundation Collaborative Project and exited its beta period in April 2016, having already provided more than 1.5 million free TLS certificates.
Until today, Bitly did not generate HTTPS URLs, said Rob Platzer, CTO. If a user supplied an HTTPS long URL to encode, Bitly would return an HTTP short URL that redirects to the HTTPS destination, he explained.
"Now, Bitly Enterprise customers with branded domains will have an account-wide setting to always return HTTPS," Platzer told eWEEK.
The HTTPS links are not for all Bitly users, yet. Bitly offers branded domains for free accounts as well as paid accounts, Platzer said. For paying customers, Bitly provides much greater capabilities on top of the branded domains. This phase of the rollout of HTTPS will allow both free and paid branded domain users to modify their account settings so that they always return HTTPS URLs, he said.
Phase 2 of the rollout, which is not part of today's announcement but is coming soon, will bring HTTPS to the ubiquitous Bit.ly domain and be available to every user of the Bitly platform. Approximately 25 percent of Bitly's 12 billion clicks per month are on branded domains.
"Part of our Bitly Enterprise offering, branded domains replace the Bit.ly in links with brand names. Think nyti.ms or es.pn," Platzer explained. "These links drive more brand awareness and visibility, and result in up to a 34 percent increase in click-through rate when compared to unbranded links. More than 40,000 brands use branded domains."
Bitly is not providing monetary compensation to Let's Encrypt, which is a freely available effort. That said, Bitly has helped improve the platform and technology by contributing to community libraries (like https://github.com/xenolf/lego) for automating interaction with Lets Encrypt, Platzer said.
"Bitly has also contributed to ACME, the protocol that defines how clients interact with a Certificate Authority like Lets Encrypt," Platzer said. "These technical contributions, as well as working with Lets Encrypt to drive adoption, are helping to lead the path to a more secure Web."
The Lets Encrypt certificate system uses short life certificates that expire in 90 days and need to be renewed constantly. The approach to using LetsEncrypt at Bitly's scale is based on the ability to create and renew certificates in a completely automated fashion, Platzer said.
"Supporting HTTPS on the Bitly platform included a major update to the Bitly request handling layer so that certificates become available the instant they are generated by LetsEncrypt and in such a way that the certificate private keys are stored fully encrypted on disk," Platzer said.
Among the reasons HTTPS is sometimes not used by any given Website is the fact that it takes additional server resources in order to implement. Platzer noted that creating secure connections does take additional communication overhead between the browser making a request and Bitly servers. This requires more CPU utilization and additional roundtrip latency for each secure connection to be established.
Typically, this is twice the overhead when compared with HTTP, Platzer said. "We are preparing for the additional overhead by aggressively scaling up our infrastructure over the coming months with substantially newer and more powerful hardware as well as moving to a higher speed global network to reduce latency from all locations around the world."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.