Quantum computing gets announced as a revolution roughly every six months. A tech giant publishes a paper, the headlines declare that classical computers are about to become obsolete, and then... nothing obviously changes. Your browser still loads the same way. Your passwords still work. The internet still runs on the same basic infrastructure it did a decade ago.
So what's actually going on? Is quantum computing genuinely approaching a moment that reshapes the internet, or is this one of those technologies that's perpetually five to ten years away? The honest answer sits somewhere more interesting than either extreme – and the part that should get your attention isn't the part most people are talking about.
Classical computers – every phone, laptop, and server that exists today – process information as bits. Each bit is either a 0 or a 1. Everything your computer does, from rendering a video to sending an email, is ultimately a sequence of 0s and 1s being manipulated at extraordinary speed.
Quantum computers use qubits instead of bits. A qubit can exist in a state of 0, 1, or a superposition of both simultaneously – which is a deeply counterintuitive property borrowed from quantum physics. This isn't just a technical curiosity. It means a quantum computer can, in certain circumstances, explore a vast number of possible solutions to a problem at the same time rather than working through them one by one. For specific categories of problems – particularly those involving large numbers of variables or complex optimisation – this represents a genuinely different and potentially much faster approach.
The emphasis on "specific categories" is important and often lost in the hype. Quantum computers aren't universally faster than classical computers. They're dramatically faster at particular types of problems, and no faster – often slower – at everything else. A quantum computer is a specialised instrument, not a universal replacement for the computers you already use.
The current state of quantum computing is best described as impressive but fragile. IBM, Google, and a growing field of startups and national research programs have built quantum processors with meaningful qubit counts – IBM's Condor chip, announced in late 2023, reached over 1,000 qubits. Google claimed "quantum supremacy" in 2019 with a 53-qubit processor that completed a specific calculation faster than any classical supercomputer could.
But qubit count isn't the whole story. The central challenge isn't making more qubits – it's making qubits that are stable enough to be useful. Qubits are extraordinarily sensitive to interference from their environment: heat, vibration, electromagnetic noise. This sensitivity causes errors, and managing those errors requires significant overhead. Current quantum processors need to be cooled to temperatures close to absolute zero (colder than outer space) to function, and they still produce error rates that limit what can be reliably computed.
The term used in the field is "noisy intermediate-scale quantum" computing – NISQ – which is a candid acknowledgement that current machines are neither error-free nor large enough to run the most impactful quantum algorithms at meaningful scale. Useful, fault-tolerant quantum computing is still a research problem, not an engineering problem that's mostly solved.
Here's where things get genuinely important for everyday users, and where the timeline question gets a lot more serious.
Almost everything you do online is protected by encryption. When you log into your bank, send a private message, or make a payment, your data is scrambled using mathematical algorithms that are computationally secure against classical computers. The most widely used of these – RSA and elliptic curve cryptography – rely on the fact that certain mathematical problems (specifically, factoring very large numbers) take classical computers an impractically long time to solve. Your 2048-bit RSA key is secure today because factoring the numbers involved would take a classical computer longer than the age of the universe.
A sufficiently powerful quantum computer running an algorithm called Shor's algorithm could, in theory, factor those numbers in hours or days. This is the scenario that security researchers have been quietly concerned about for years, and the reason it matters is not just for future data – it's for data that's being collected and stored now.
There's a known threat model in the security community called "harvest now, decrypt later." Nation-state actors or well-resourced adversaries can intercept and store encrypted communications today, even if they can't decrypt them yet, and hold them until quantum computing becomes powerful enough to break the encryption retrospectively. For data with a long shelf life – classified government communications, medical records, intellectual property – this is a real and active concern, not a hypothetical one.
The US National Institute of Standards and Technology (NIST) has been running a multi-year competition to standardise post-quantum cryptography – new encryption algorithms designed to be secure against both classical and quantum attacks. In 2024, NIST finalised its first set of post-quantum cryptographic standards, marking a significant milestone in the transition away from quantum-vulnerable encryption. The migration is already beginning in government and critical infrastructure sectors, and it will eventually reach the consumer internet – though that transition will take years, possibly a decade or more.
The framing of quantum computing "breaking the internet" or making it unrecognisable in the near term is mostly overstated. The vast majority of the internet's infrastructure – routing, DNS, content delivery, the physical layer of cables and wireless signals – is completely unrelated to the types of problems quantum computing addresses.
Websites won't suddenly become faster because of quantum computers. Streaming video won't get better. Social media platforms won't change. The internet is not a single computational task that a quantum processor could solve more efficiently. It's a vast, distributed network of systems built on standards, hardware, and software that will continue evolving the way it always has – incrementally and with significant inertia.
The quantum threat is specific and serious where it exists (encryption), but it isn't a general disruption to how the internet works.
Cryptographically relevant quantum computers – machines powerful and stable enough to actually run Shor's algorithm against current encryption standards at scale – are, by most expert estimates, somewhere between 10 and 20 years away. Some researchers are more optimistic; some are more cautious. The honest answer is that the timelines are genuinely uncertain because they depend on engineering breakthroughs that haven't happened yet.
What isn't uncertain is that the preparation for the quantum transition needs to happen well before quantum computers capable of breaking encryption actually arrive. NIST's post-quantum standards give the industry the tools to start that migration now. The organisations paying close attention are already moving. The ones that wait until the threat is imminent will face a much harder transition.
For everyday users, the most practical implication is that the services you rely on – your email provider, your bank, your cloud storage – will quietly upgrade their encryption infrastructure over the coming years. You won't need to do anything specific, any more than you needed to actively migrate when the web moved from HTTP to HTTPS. The change will happen beneath you, driven by the platforms and infrastructure you already use.
Will quantum computers break all encryption? Not all encryption, and not anytime soon. Current quantum computers are nowhere near powerful enough to threaten modern encryption. The concern is about a future machine that doesn't exist yet – and the security community is already developing and standardising encryption algorithms designed to be resistant to quantum attacks.
Should I be worried about my data right now? For most everyday users, not immediately. The "harvest now, decrypt later" threat is primarily a concern for high-value, long-lived sensitive data – state secrets, medical records, intellectual property. Ordinary web browsing and consumer communications are lower-priority targets, and by the time cryptographically relevant quantum computers arrive, post-quantum encryption will likely already be widely deployed.
Is quantum computing overhyped? In terms of near-term consumer impact, yes – significantly. The breakthrough announcements rarely translate to anything that changes how most people use technology. In terms of long-term significance for cryptography, national security, drug discovery, and materials science, the potential is real and serious researchers take it very seriously. The hype and the reality exist in different time horizons.
What is post-quantum cryptography? It's a category of cryptographic algorithms designed to be secure against attacks from both classical and quantum computers. Unlike quantum cryptography (which uses quantum physics to secure communications), post-quantum cryptography runs on ordinary classical computers using mathematical problems that quantum computers aren't believed to be able to solve efficiently. NIST finalised the first post-quantum standards in 2024.
NIST – Post-Quantum Cryptography Standardisation: https://www.nist.gov/programs-projects/post-quantum-cryptography
IBM – What Is Quantum Computing: https://www.ibm.com/topics/quantum-computing
Nature – Google's Quantum Supremacy Claim: https://www.nature.com/articles/s41586-019-1666-5
MIT Technology Review – The Problem With Quantum Computers: https://www.technologyreview.com/2023/01/06/1064893/whats-next-for-quantum-computing/
Cloudflare – The State of Post-Quantum Cryptography: https://blog.cloudflare.com/post-quantum-cryptography-ga/
