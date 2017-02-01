HTTPS Adoption Has Reached the Tipping Point (troyhunt.com) 12
Security expert Troy Hunt, who is perhaps best known for creating Have I Been Pwned data breach service, argues that adoption of HTTPS has reached the tipping point, citing "some really significant things" that have happened in the past few months. From a blog post: We've already passed the halfway mark for requests served over HTTPS -- This was one of the first signs that we'd finally hit that tipping point and it came a few months ago. This is really significant -- Mozilla is now seeing more secure traffic than it is non-secure traffic. Now that doesn't mean that most sites are now HTTPS because that figure above has a huge portion of traffic served from a small number of big sites. Twitter, Facebook, Gmail etc. all do all their things over HTTPS and that keeps that number quite high. Hunt also cited security aficionado Scott Helme's recent analysis which found that the number of websites listed in Alexa's top one million websites that have adopted to HTTPS has more than doubled year from August 2015 to August 2016. Troy adds: Browsers are holding non-secure sites more accountable. Chrome 56 is now holding sites using bad security practices to account (by flagging a "not secure" label in the address bar when you visit such websites). Many sites you wouldn't expect are now going HTTPS by default. (He cites websites such as ArsTechnica, NYTimes as examples). Making more cases for his argument, Hunt adds that HTTPS sites are not slow as they used to be, and that services such as Let's Encrypt and Cloudflare have made it free and east to bring this security feature.
Great (Score:2)
Now take the strategies you've learned and do the same for flash vs html5.
Tipping Point (Score:3)
The tipping point towards what? Isn't SSL great for things that need to be secure... ie shopping, banking, etc but pretty much excessive for mundane stuff - like this article and this post for example. I am sure glad by slashdot.org data is transported via SSL connection because you never know....
Re: (Score:2)
It's "evil" to be able to have your traffic sniffed. Leave that data for all the ad networks that serve ads over HTTPS.
Re: (Score:2)
I pretty much agree with you.
I create/run a fair number of web applications. Anything with a password associated with it runs https- if there is no password, then it runs insecure.
You want a picture of a peach? I'll serve up thousands- and let every man-in-the-middle know that you're looking at peaches.
You want to send me your email and password (that is probably the same you use on 10 other sites)? Now it is secure.
Asking a real question- why should we encrypt non-sensitive data?
HTTPS negotiation was never the "slow" part (Score:3)
Alexa Rankings (Score:2)
found that the number of websites listed in Alexa's top one million websites that have adopted to HTTPS has more than doubled
Why do people still use Alexa? There can't be more than a tiny handful of people who still use their crappy browser toolbar and that measuring metric has always had significant selection bias. Do they have a newer, better data source, or is there just nothing better so people fall back to a name that's familiar?
It would be nice if the major ISPs would aggregate and share all that data they save for the NSA anyway with some nonprofit org for this kind of thing.
Not everything needs HTTPS (Score:2)
If I'm accessing a site that simply serves up information and doesn't ask for any details from me, then there's no need for HTTPS. It simply sucks up CPU cycles and ultimately uses up more electricity. And no , I don't care about the 0.001 extra on my bill, but if you add it up over the entire planet its probably a couple of coal fired power plants extra required.