Since 2009, Christopher Soghoian, principal technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union (ACLU) has been trying to make the Internet more secure.

His goal–getting companies to add a layer of encryption to their websites, turning HTTP to HTTPS–might not sound like much. After all, what’s one letter on a URL?

But that extra letter, it turns out, is all it takes to make government surveillance, censorship attempts by authoritative regimes, and attacks by ill-intentioned hackers more difficult to pull off.

Soghoian has been wielding both the carrot and the stick on a near daily basis, until recently offering bottles of whiskey to companies that implemented HTTPS, and getting into public Twitter spats with companies such as Symantec, and the Internet company Akamai, which haven’t welcomed to his overtures. “I use whatever argument works,” Soghoian says. “I will ask. I will beg. I will offer to bribe. And then I will threaten. I will use every technique at my disposal.”

I will ask. I will beg. I will offer to bribe. And then I will threaten.

And he’s not alone. A group of increasingly vocal Internet companies, activists, lawyers, and privacy experts have been working to have all traffic on the Internet encrypted by default. And while the connection between your web browser and (amazing) places like Fast Company’s website aren’t always encrypted by default, chances are they won’t stay that way for long. Because, according to Soghoian, the HTTPS crowd is “slowly winning”–though not without a few snags along the way.

What’s the big deal? You’re probably familiar with HTTPS as the lock icon in your browser’s address bar that appears when you log in to your bank’s website, or check your email. Hypertext Transfer Protocol Secure, or HTTPS, is the encrypted version of plaintext HTTP, the protocol over which most Internet traffic has traditionally been sent. It’s HTTP traffic with either Transport Layer Security (TLS) or it’s predecessor Secure Sockets Layer (SSL) beneath. Though traditionally used, primarily, to protect usernames and passwords and online transactions, the argument goes that we should be using it for everything, the mundane stuff, too.

The reason is that anything sent via regular old HTTP is done in the clear–in other words, in unencrypted plaintext for all to see. The person next to you at a coffee shop or the government that controls your ISP can see what articles you’re reading online, or what videos you’re watching on YouTube. And, “The articles that you read in a newspaper are very, very sensitive, because they reveal an awful a lot about what you’re interested in,” Soghoian says. “If you’re looking at the website of an abortion clinic, or a suicide hotline or self-help group for alcoholism, I think that’s super, super sensitive as well. But very few sites in those areas use encryption.”