HTTPYES

Say yes to HTTPS! As of today, my sites (https://tomroelandts.com/ and https://impulseresponse.eu/) require HTTPS. If you manage a website, I think you should consider doing the same.

HTTPS is the secure version of HTTP (the Hypertext Transfer Protocol), the protocol that your browser uses to show you a website. If you access a website through HTTP, all traffic between your computer and the web server is unencrypted, which is a bit strange and probably even unexpected if you didn’t already know it. Unencrypted traffic is especially bad if you are surfing through an unencrypted public Wi-Fi network, but even if not, there are almost always many intermediaries in between your computer and the server that you are trying to reach. So you can never be sure that nobody is listening in.

The Electronic Frontier Foundation (EFF) has been running a campaign to encrypt the web since 2009. Nevertheless, it has taken quite some time to get to some sort of critical mass. Using HTTPS ensures that you are the only one that can decrypt the information that the server sends you. And, it is not only contents that is secured, but also the URL itself. To quote Parker Higgins of the EFF in the article Russia's Wikipedia Ban Buckles Under HTTPS Encryption,

[…] HTTPS encryption protects not just the contents of the communications between browsers and the web sites they're visiting, but also the specific pages on those sites—in other words, everything "after the slash" in a URL.

Hence, even if you’re only browsing a site without supplying any personal information, HTTPS still prevents any eavesdropper from seeing exactly which pages you read. The linked EFF article is an illustration of why this might be a good idea.

The big sites that work with a lot of personal information, such as Google, Twitter, and Facebook, all require HTTPS at this time. Especially Google is also pushing the use of HTTPS for other sites. They have even started to rank HTTPS sites higher in search results.

So switch over your sites now! And if you do, a nice tool to test your setup is the SSL Server Test that is provided for free by Qualys SSL Labs.

Tags:

Submitted by Tom Roelandts on 10 January 2016

Add new comment