steven36 Posted June 19, 2015 Share Posted June 19, 2015 Reddit will officially switch to an HTTPS encryption by default beginning June 29. The company made the announcement in a brief statement on its website Tuesday. The self proclaimed “front page of the internet” has offered the complete site as an HTTPS encryption option since September of last year but made the decision to fully transition, company spokesperson told SCMagazine.com in a Thursday email correspondence.“We genuinely value the privacy of the people who trust Reddit as a platform for open communication," the spokesman said, noting that by "using HTTPS to communicate" Reddit will protect users "from someone watching their connection (such as a WiFi hotspot provider) [or] reading the plain-text contents of their browser communication.”The company is the latest in a slew of major websites - in both the private and the public sector - that have announced they are making the switch to HTTPS encrypted connections. Earlier this month, the Office of Management and Budget (OMB) issued an HTTPS-Only Standard directive for all publicly accessible federal websites and web services.And Wikimedia, the company that owns Wikipedia, Microsoft's Bing, Plex, and Netflix also said earlier this year that it would be switching to HTTPS connections. The collection of mass metadata has helped make encryption more important than ever.Bill Budington, a software engineer at the Electronic Frontier Foundation (EFF), said that government collection of metadata and increasing concerns with online privacy have helped make encryption a priority for larger companies.“After the Snowden revelations we've seen a lot of companies who want to protect their customers and they want the good publicity that comes with that,” Budington told SCMagazine.com.“Without encryption, you can see what people are streaming and what they are watching, all of this is possible if you don't have a secure HTTPS connection," he said.Budington also noted that transitioning websites to HTTPS formatting can be an expensive endeavor for larger companies and may have taken extensive planning for companies who may have wanted to make the transition sooner.http://www.scmagazine.com/reddit-joins-to-list-of-big-companies-switching-to-https/article/421572/ Link to comment Share on other sites More sharing options...
CODYQX4 Posted June 19, 2015 Share Posted June 19, 2015 By default? I've been forcing it.Go nuclear. Kill HTTP entirely if your site is fully HTTPS, because why not? All browsers used from this millennium support it, even if catering to the demented IE6 users might require broken cyphers or something. Link to comment Share on other sites More sharing options...
steven36 Posted June 19, 2015 Author Share Posted June 19, 2015 Most sites still dont have it at all . And some have it but not forced ..I use this add-on in Firefox to check HTTPtoHTTPShttps://addons.mozilla.org/en-US/firefox/addon/httptohttps/?src=api Link to comment Share on other sites More sharing options...
CODYQX4 Posted June 19, 2015 Share Posted June 19, 2015 Most sites still dont have it at all . And some have it but not forced ..I use this add-on in Firefox to check HTTPtoHTTPShttps://addons.mozilla.org/en-US/firefox/addon/httptohttps/?src=apiSadly not, and I'd argue not necessarily for tech reasons, but because it's a yearly fee with paperwork/ID validation and the costs can exceed $200 depending on the cert and registrar.They should separate the encryption from the site/server validation. As of now your only choices are to buy SSL certs and pay the fee indefinitely, not encrypt at all, or use a self signed cert that will cause just about every app on the planet to scream bloody murder at the top of it's lungs, which either scares them away or trains them to just click through security warnings mindlessly.As in a type of cert that is free. but neither trusted nor untrusted. Want verification? Pay the fee for the official trusted cert. Something to put a step in between "No Security Whatsoever", and "Pay forever so we can stamp your cert as good else you must have been a victim of hacking".I'd implement it so there'd be no green lock but no screaming warning of death, and the cert would be explicitly identifiable as unverified. Also since browsers cache certs, if a MITM uses one of these, then scream bloody murder because Google just doesn't downgrade their certs to self signed. Link to comment Share on other sites More sharing options...
steven36 Posted June 19, 2015 Author Share Posted June 19, 2015 Only if I'm onhttps://encrypted.google.com/Does Google really force https If i go to regional witch is ip depended I can switch back to http with that add-on so Google is not 100% forced ether yet. ;) Link to comment Share on other sites More sharing options...
CODYQX4 Posted June 19, 2015 Share Posted June 19, 2015 Only if I'm onhttps://encrypted.google.com/Does Google really force https If i go to regional witch is ip depended I can switch back to http with that add-on so Google is not 100% forced ether yet. ;)I don't know about the variuos regions, but HTTPS everywhere just sends me to https://www.google.com/. I haven't seen the "encrypted" subdomain for quite awhile. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.