Starting June 29, Reddit will encrypt all site communications, following the example of Google, Apple, Wikipedia, Netflix and others.
“Nearly 1 year ago we gave you the ability to view Reddit completely over SSL,” according to a post by Reddit. “Now we’re ready to enforce that everyone use a secure connection with Reddit. Please ensure that all of your scripts can perform all of their functions over HTTPS by June 29. At this time we will begin redirecting all site traffic to be over HTTPS and HTTP will no longer be available.”
The White House also announced a move to HTTPS connections to “eliminate inconsistent, subjective determinations across agencies regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide,” US Chief Information Officer Tony Scott said in a memorandum. By the end of 2016, all federal agencies and departments should move their publicly accessible Web sites and services to HTTPS only.
Why do sites need HTTPS?
Unencrypted HTTP connections can expose users’ sensitive data to interception in transit between their computer and the server. Even when parts of a site are protected against network attacks, passwords, credit card numbers and other valuable identifying information can still be intercepted via man-in-the-middle attacks if they are transmitted in plain text.
The benefits of HTTPS have been advocated for years. Here’s a quick roundup.
HTTPS guarantees the integrity and authenticity of connections. This means users should be confident they are talking to the true application server and that their communications remain unaltered.
The user’s information remains confidential from prying eyes. Only your browser and the server can decrypt the traffic. Eavesdroppers can’t understand the content of the communications between the two. This way, the user’s privacy remains intact against ISP and government tracking.
In terms of threats, users are safe from sniffing attacks. These often occur via unencrypted wireless networks found in cafes, libraries and airports. They are also protected from spoofing attacks, since encryption is done using a key uniquely generated between the two computers, preventing the spoofer from “seeing” how the two machines are communicating.
Impersonation attacks. When connected to unsecured Wi-Fi networks, users can fall victim to attackers looking to steal authentication cookies returned by services like Gmail after they have entered their login credentials. Bogdan Botezatu, Senior E-Threat Analyst, says:
In the light of national espionage scandals that have erupted in the past two years, we see a lot of services moving their non-private content over HTTPS at the expense of computing power. The move does not only stop agencies from gathering sensitive user information, but also ensures that the content the user has not tampered with in any way.
Even if there’s no apparent reason for a site to adopt HTTPS and it may be a resource-intensive process with impact on the site’s performance, the cost of any data leak means it’s worth it. And if you have a site, remember: it’s better safe than sorry.
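For script owners and site operators acting on the points above, here is an added example (not part of the original article) that checks three things: hard-coded http:// URLs left in a client script, whether a plain-HTTP request is redirected to HTTPS, and whether authentication cookies carry the Secure attribute. The host name site.example, the sample script and the response headers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def plain_http_urls(script_text, host):
    """Return hard-coded http:// URLs in a script that point at host or its subdomains."""
    hits = []
    for url in re.findall(r"http://[^\s'\"<>)]+", script_text):
        name = (urlsplit(url).hostname or "").lower()
        if name == host or name.endswith("." + host):
            hits.append(url)
    return hits

def redirects_to_https(status, headers):
    """True if a response to a plain-HTTP request is a redirect to an https:// URL."""
    location = next((v for k, v in headers if k.lower() == "location"), "")
    return 300 <= status < 400 and urlsplit(location).scheme == "https"

def cookies_missing_secure(headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        first, *attrs = value.split(";")
        if "secure" not in {a.strip().lower() for a in attrs}:
            missing.append(first.split("=", 1)[0].strip())
    return missing

# Constructed sample inputs (hypothetical host and values).
SAMPLE_SCRIPT = '''
API = "http://www.site.example/api/me.json"
DOCS = "https://www.site.example/dev/api"
FEED = "http://other.example/feed"
'''
HTTP_RESPONSE = [("Location", "https://www.site.example/"), ("Content-Length", "0")]
HTTPS_RESPONSE = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]

if __name__ == "__main__":
    print("URLs to migrate:", plain_http_urls(SAMPLE_SCRIPT, "site.example"))
    print("HTTP redirected to HTTPS:", redirects_to_https(301, HTTP_RESPONSE))
    print("Cookies without Secure:", cookies_missing_secure(HTTPS_RESPONSE))
```

A cookie without the Secure attribute can be sent by the browser over a plain-HTTP request, which is the exposure described for open Wi-Fi networks.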