This should be the new standard for every website. Encrypting everything makes it difficult for peeping toms (also known as "security agencies") to know which data is "interesting" and focus their efforts on decrypting it.
Reddit joins the HTTPS-only stampede
Reddit will soon be served over HTTPS only as part of wider moves to secure the web. The Front Page of the Internet™ began serving its user-curated pages over secure sockets layer last September, in an effort that took some nine months to complete. The site has now decided that as of 29 June it will begin pushing all traffic …
COMMENTS
-
-
-
-
Thursday 18th June 2015 10:54 GMT Stuart 22
Third World Security
"Whilst I see your point I am also very aware that there are places in the world that don't have unlimited power and network bandwidth.
https is not the real problem to them. There are few sites where the western assumption of broadband access has not bloated pages with superfluous advertising, under compressed images, rolling videos and a cacophony of plugins, ccs files that grew, grew and grew and never pared back to what was only needed.
Is there an browser extension that will flag the total download size of a page with its supporting infrastructure?
https is a minor but a more useful load on the network - especially when operating across less than secure networks one may find in these places.
-
Friday 19th June 2015 09:06 GMT John Robson
Re: Third World Security
@Stuart 22
Absolutely agree with you - the level of bloat is ridiculous - but that's where a decent cache, with ad filters etc., can really make a huge difference. Even "large" CSS files tend to be relatively small (cf+ video) and are rarely downloaded (since they can be cached and apply to whole sites for months at a time), so I tend to excuse those ;)
The ongoing story about the education centre in the middle of Australia is a case in point. They have very limited network bandwidth, and poor latency. Having devices at both ends of their "connection" would allow them to filter out the ads and other garbage somewhere where there is good connectivity, and cache the resultant data in the building.
Those two measures maximise the usage of the limited connectivity, shared between many poeple, and even more sessions. The users are still able to go HTTPS when needed, but their experience over HTTP is better, so they'll use that by default for things that don't require the security.
Put everything HTTPS and you can't strip the ads/flash as easily, you can't cache it between users, you just have to eat the data which is shovelled at you, as your connection is overwhelmed.
Put HTTPS as an option by all means, those of us fortunate enough to have large gobs of bandwidth, no caps and limited numbers of users (i.e. reduced opportunity for caching) can then use it and fill up the central pipes with lots of "unreadable" data.
Enforce HTTPS where user data is being sent/recieved.
Leave HTTP as an option for those who need/want it (maybe even with an "HTTPS is available" banner)
-
-
-
-
-
This post has been deleted by its author
-