18 votes

Despite Chrome’s pending “mark of shame,” three major news sites aren’t HTTPS

28 comments

  1. [8]
    meghan
    Other big sites still insecure (as of writing)

    Fortune Magazine http://fortune.com/
    GNU http://www.gnu.org/
    Chicago Tribune http://www.chicagotribune.com/
    LA Times http://www.latimes.com/...

    11 votes
    1. [2]
      starchturrets
      (edited )
      GNU.org doesn't default to SSL? Wasn't expecting that. All the more reason to use HTTPS everywhere.

      13 votes
      1. JustABanana
        I went ahead and messaged webmaster@gnu.org about it. If I get a response I'll post it here

        3 votes
    2. [5]
      HR8210
      GNU.org loads in https by default for me

      5 votes
      1. [4]
        starchturrets
        What browser are you using?

        2 votes
        1. [3]
          Comment deleted by author
          1. [2]
            Luna
            I think your browser caches whether it uses HTTP/HTTPS on a particular domain, as I remember reading that was one method advertisers use to track people. I can't find anything about it now though, so take that with a grain of salt.

            2 votes
            1. unknown user
              It serves an HSTS header, so if you've ever visited the HTTPS version then your browser will always use HTTPS on that domain (for the next ~2 years after each visit), but you still need that initial secure connection to trigger that behaviour - HSTS headers aren't respected unless served over a secure connection.

              1 vote
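
The behaviour described in the comment above, as an added example that is not part of the thread: a small JavaScript model of a browser's HSTS store, showing that a header seen over plain HTTP is ignored, that the first HTTPS visit pins the host, and that the pin lapses once `max-age` runs out. `parseHsts`, `HstsStore` and `demo` are hypothetical names, and the host, timestamps and `max-age` value are constructed.

```javascript
// Added example: model of a browser's HSTS store (after RFC 6797); names are hypothetical.
function parseHsts(headerValue) {
  let maxAge = null, includeSubDomains = false;
  for (const raw of headerValue.split(";")) {
    const [name, value = ""] = raw.trim().split("=").map((s) => s.trim());
    const key = name.toLowerCase();
    if (key === "max-age") {
      const v = value.replace(/^"(.*)"$/, "$1");
      if (maxAge !== null || !/^\d+$/.test(v)) return null; // allowed once, digits only
      maxAge = Number(v);
    } else if (key === "includesubdomains") includeSubDomains = true; // others are ignored
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

class HstsStore {
  constructor() { this.hosts = new Map(); } // hostname -> { expires (seconds), includeSubDomains }
  noteResponse(url, headers, now) { // each secure visit restarts the expiry clock
    const u = new URL(url);
    const value = headers["strict-transport-security"];
    // A header on plain HTTP is ignored: anyone on the path could have forged it.
    if (u.protocol !== "https:" || value === undefined) return;
    const policy = parseHsts(value);
    if (policy === null) return;
    if (policy.maxAge === 0) { this.hosts.delete(u.hostname); return; }
    this.hosts.set(u.hostname, { expires: now + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  }
  // URL the browser would really request for a typed or clicked `url`.
  rewrite(url, now) {
    const u = new URL(url);
    const labels = u.hostname.split(".");
    const pinned = labels.some((_, i) => {
      const entry = this.hosts.get(labels.slice(i).join("."));
      return entry && entry.expires > now && (i === 0 || entry.includeSubDomains);
    });
    if (u.protocol === "http:" && pinned) u.protocol = "https:";
    return u.href;
  }
}

// Constructed walk-through: HTTP visit, first HTTPS visit, then after expiry.
function demo(store = new HstsStore(), t0 = 1700000000) {
  const h = { "strict-transport-security": "max-age=63072000" }, site = "http://www.example.org/";
  store.noteResponse(site, h, t0); // over HTTP: ignored
  const before = store.rewrite(site, t0);
  store.noteResponse("https://www.example.org/", h, t0); // first secure visit
  return [before, store.rewrite(site, t0 + 1), store.rewrite(site, t0 + 63072000)];
}
console.log(demo());
```

The first entry of the result stays on `http://`, which is the unprotected first visit the comment points out.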
        2. HR8210
          Firefox, but it loads in HTTP with Qutebrowser.

          3 votes
  2. [10]
    Silbern
    I really hope Google doesn't start burying search results just because they aren't https. There is tons of good content on the web, especially older content, that obviously won't be secured, but is no less valuable. In many situations, you don't gain anything from https beyond preventing some third party from viewing your requests, but even there, your DNS searches will give away the domain...

    9 votes
    1. cwl
      I don't think they'll really bury them, especially for the really good and relevant stuff - they'll just always get an SEO hit, making it harder for new, good stuff to surface.

      7 votes
    2. CR0W
      Looking at the examples you provided in another post, why not download them and store them yourself for future reference? That or archive.org might be an alternative? I do confess to a bit of data hoarding myself, and for this very reason, that it might not be there in the future.

      Years ago I thought that the increasing popularity of digitising various things bode well for the future, that mankind would have access to nearly all of its collected works online, a sharing of knowledge and creativity without limit. Obviously none of this came to pass. Some great shining bastard stood up and shouted "Behold! I give you - the paywall!" and the marketing companies swooned in response.

      There are plenty things I wished I had saved but did not have the foresight, or disk space, to carry it off. For example, Wikipedia is something I will be downloading soon, and I will add it to my own growing archive. If my flat-bed scanner had not died on me I would have digitized much more by now. Ah, sorry for the rant.

      3 votes
    3. [4]
      multubunu
      > There is tons of good content on the web, especially older content, that obviously won't be secured

      Honest question: any examples?

      2 votes
      1. [2]
        starchturrets
        For example: talkorigins.org. Really old website, but one of the best resources in debunking creationism.

        5 votes
        1. multubunu
          Oh I remember this one so well, spent a lot of time there in the early 2000's. And the blog, it came out around the time of the Dover trial.

          It seems that they stopped updating the site in 2014, I fully expected it to be https by now. The blog is active (and on https).

          1 vote
      2. Silbern
        (edited )
        How about Justin's Links, the world's first ever blog. Or perhaps theoldpurple.com, based off of the original purple.com, which was commonly used as a test website back in the 90s to check for an internet connection. Another example is Jestertrek's Guide for Disputed Galaxy, a guide for a now defunct multiplayer flash game, or pspdemoarchive, a collection for some psp demos, extensions, and themes that aren't available anywhere else afaik. Or perhaps the Netscape Navigator welcome page, which was many people's first webpage. Or something like the Clinton/Gore 1996 campaign site, or really any still running campaign sites. These websites all provide a unique peek at what life was like in the past I think, and they're still worth preserving and presenting to searchers...

        4 votes
    4. [3]
      teaearlgraycold
      > your DNS searches will give away the domain

      Failing that, most of the time the destination IP address will do that as well.

      2 votes
      1. [2]
        Luna
        If the website uses a CDN or a host that uses one IP for several domains, not really.

        2 votes
        1. teaearlgraycold
          The CDN will just be for the static assets, so you're still connecting to the site's dedicated address in that case.

          And I don't think most traffic is to shared hosts like that.

          1 vote
  3. [8]
    luke-jr
    There's no need for HTTPS on many websites. If you're just reading content, what use is there for encryption? There's nothing to secure. If you're worried about privacy, you need Tor anyway.

    Furthermore, HTTPS isn't even a very secure system. It relies on trusted third parties (CAs) to verify sites, and which can just as easily spoof sites. CloudFlare, for example, can generate bogus SSL certs for literally any site online. Many CAs are also in jurisdictions where they can be compelled to make such bogus certs.

    Overall, HTTPS is mostly just a false sense of security.

    5 votes
    1. [2]
      cwl
      That doesn't tell the entire story. While it is true that just reading content only might not really require encryption - encryption does make it harder for MIM attacks to happen, thus avoiding more possible malware. In addition, fewer and fewer sites are for "just reading" and they include code for tracking users and even their specific mouse movements and scrolling on screen - not to mention ads that track and commenting systems that require logins. More and more data is being extracted about web users than ever, and encryption might keep this "more" private.

      The fact that https connections to malware sites is so easy today is probably a good thing in the long run.

      18 votes
      1. Emerald_Knight
        Yeah, SSL/TLS doesn't just protect your privacy, but your security, too. If someone can listen in on your connection, then it's also very possible that they can alter the contents of it. They could e.g. insert malicious JS, and if grandma who knows absolutely nothing about computers gets redirected to a page telling her to download and install this super legitimate antivirus because her browser is saying that a super bad virus was detected, then I'll let you do the math and figure out what the end result looks like.

        7 votes
    2. [3]
      apoctr
      > If you're worried about privacy, you need Tor anyway.

      That's a little dismissive. Just because you're concerned about privacy doesn't mean you need/should be using Tor and other extreme solutions. Someone can be worried about a site poorly handling their personal information while not connecting to everything over Tor...

      16 votes
      1. JustABanana
        "Why do we need E2EE chats like signal? If you want privacy just host your own email server"

        3 votes
      2. luke-jr
        Sites where you're merely reading content shouldn't have any access to your personal information in the first place...

        2 votes
    3. JustABanana
      We need https on read only websites too. Not only does it protect ISP spying (they can see I'm on YouTube but they can't see what videos I'm watching) but it also stops them from injecting JavaScript, hijacking ads on websites and makes open WiFi networks more secure. My own ISP corrupts larger files if I download them over http and forces me to use a VPN just to download stuff. Https has almost no downsides and there is no point in not using it.

      3 votes
    4. tnkflx
      > There's no need for HTTPS on many websites. If you're just reading content, what use is there for encryption? There's nothing to secure. If you're worried about privacy, you need Tor anyway.

      This is an extremely naive view of the internet as it exists today... Also, recommending Tor is not the answer when it comes to privacy. Let alone that from a risk standpoint, you're painting a big fat target on your back...

      > Furthermore, HTTPS isn't even a very secure system. It relies on trusted third parties (CAs) to verify sites, and which can just as easily spoof sites. CloudFlare, for example, can generate bogus SSL certs for literally any site online. Many CAs are also in jurisdictions where they can be compelled to make such bogus certs.

      So because something is not a 100% secure or undeniably better than what came before it, we shouldn't use it? Do I have news for you... Also, where do you get this information? CloudFlare is a CA, so yes, they can create certificates, what's your point exactly? I do agree that CAs are a weak link in general (See Symantec & DigiNotar for instance). That's why EV certificates are useless and why Let's Encrypt was started.

      > Overall, HTTPS is mostly just a false sense of security.

      Overall, this comment is mostly just false.

      Some reading material:

      1 vote
  4. [2]
    HR8210
    Why would a news site need HTTPS?

    2 votes
    1. JustABanana
      Not only does it protect ISP spying (they can see I'm on a news site but they can't see what I'm reading) but it also stops them from injecting JavaScript, hijacking ads on websites and makes open WiFi networks more secure. My own ISP corrupts larger files if I download them over http and forces me to use a VPN just to download stuff. Https has almost no downsides and there is no point in not using it.

      2 votes