back to article Reddit joins the HTTPS-only stampede

Reddit will soon be served over HTTPS only as part of wider moves to secure the web. The Front Page of the Internet™ began serving its user-curated pages over secure sockets layer last September, in an effort that took some nine months to complete. The site has now decided that as of 29 June it will begin pushing all traffic …

  1. Martijn Otto

    This should be the new standard for every website. Encrypting everything makes it difficult for peeping toms (also known as "security agencies") to know which data is "interesting" and focus their efforts on decrypting it.

    1. John Robson Silver badge

      Whilst I see your point I am also very aware that there are places in the world that don't have unlimited power and network bandwidth.

      There is a distinct advantage to being able to cache data - HTTPS everything breaks the internet for various locations...

      1. DaLo

        HTTPS can be cached. It is cached with different rules to HTTP but it can still provided a sessioned cached browsing experience.

      2. Stuart 22

        Third World Security

        "Whilst I see your point I am also very aware that there are places in the world that don't have unlimited power and network bandwidth.

        https is not the real problem to them. There are few sites where the western assumption of broadband access has not bloated pages with superfluous advertising, under compressed images, rolling videos and a cacophony of plugins, ccs files that grew, grew and grew and never pared back to what was only needed.

        Is there an browser extension that will flag the total download size of a page with its supporting infrastructure?

        https is a minor but a more useful load on the network - especially when operating across less than secure networks one may find in these places.

        1. John Robson Silver badge

          Re: Third World Security

          @Stuart 22

          Absolutely agree with you - the level of bloat is ridiculous - but that's where a decent cache, with ad filters etc., can really make a huge difference. Even "large" CSS files tend to be relatively small (cf+ video) and are rarely downloaded (since they can be cached and apply to whole sites for months at a time), so I tend to excuse those ;)

          The ongoing story about the education centre in the middle of Australia is a case in point. They have very limited network bandwidth, and poor latency. Having devices at both ends of their "connection" would allow them to filter out the ads and other garbage somewhere where there is good connectivity, and cache the resultant data in the building.

          Those two measures maximise the usage of the limited connectivity, shared between many poeple, and even more sessions. The users are still able to go HTTPS when needed, but their experience over HTTP is better, so they'll use that by default for things that don't require the security.

          Put everything HTTPS and you can't strip the ads/flash as easily, you can't cache it between users, you just have to eat the data which is shovelled at you, as your connection is overwhelmed.

          Put HTTPS as an option by all means, those of us fortunate enough to have large gobs of bandwidth, no caps and limited numbers of users (i.e. reduced opportunity for caching) can then use it and fill up the central pipes with lots of "unreadable" data.

          Enforce HTTPS where user data is being sent/recieved.

          Leave HTTP as an option for those who need/want it (maybe even with an "HTTPS is available" banner)

  2. Gideon 1

    "Reddit jons the HTTPS-only stampede"

    Is that joins or jons?

  3. This post has been deleted by its author

  4. kline
    Alert

    still slippy

    This seems rather pointless in a lot of the reddit use case, as it often calls out to insecure http requests on imgur, meaning the content of what you're looking at is still MITMable.

    This seems fairly important in the case of an aggregator. I'm glad it's happening though.

  5. Doctor_Wibble

    Front Page of the Internet?

    Is that not 'web portal', that erstwhile magic gate of yesteryear?

    1. P. Lee Silver badge

      Re: Front Page of the Internet?

      >Front Page of the Internet?

      >Is that not 'web portal', that erstwhile magic gate of yesteryear?

      Nope, its the "FrontPage" of the internet. As authored by users using MS software.

      1. Steve Davies 3 Silver badge

        Re: Front Page of the Internet?

        FrontPage? Shirly it is Sharepoint

        Or for Facebook it is Internet.org and nowhere else.

  6. Jim 59

    We really should have given up with http when we gave up using telnet in favour of ssh.

    Every security improvement is double edged though. In protecting you from snoopers, it also protects ISIS et al in exactly the same way.

  7. Jim 59

    And another thing. Thanks to The Register for the clear headline and nicely written article.

    FYI, I won't be reading the other story you have presented under the headline "git commit -m 'Add $200m to GitHub, tweak valuation to $2bn'". Whatever.

  8. Anonymous Coward
    Anonymous Coward

    Now they just need to get their certificate reissued as sha256.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020