Submitted via IRC for AndyTheAbsurd
As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure". This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We've known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying "this is coming". Yet somehow, we've arrived at today with a sizable chunk of the web still serving traffic insecurely:
The majority of the Internet’s top 1M most popular sites will show up as “Not Secure” in @GoogleChrome starting July 24th. Make sure your site redirects to #HTTPS, so you don’t have the same problem. @Cloudflare makes it easy! #SecureOnChrome https://t.co/G2a0gi2aM8 pic.twitter.com/r2HWkfRofW
— Cloudflare (@Cloudflare) July 23, 2018
Who are these people?! After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP, what sort of sites are left that are neglecting such a fundamental security and privacy basic? I wanted to find out which is why today, in conjunction with Scott Helme, we're launching Why No HTTPS? You can find it over at WhyNoHTTPS.com (served over HTTPS, of course), and it's a who's who of the world's biggest websites not redirecting insecure traffic to the secure scheme:
The article continues with a list of "The World's Most Popular Websites Loaded Insecurely", tools and techniques used to gather the data, different responses based on the version of curl, differences accessing the bare domain name versus with the "www." prefix, and asks for any corrections. One can also access the aforementioned website set up specifically for tracking these results: https://whynohttps.com/.
(Score: 3, Informative) by c0lo on Wednesday July 25 2018, @07:11AM (7 children)
EE UK [wikipedia.org] a mobile comms provider.
Their idea of protecting the kids [ee.co.uk]:
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Insightful) by Anonymous Coward on Wednesday July 25 2018, @07:41AM (1 child)
This shows that HTTPS is, at least on the mass-deployment scale, secure enough to prevent "them" from reading and modifying your web traffic. Not the NSA's secret-agent type, but the casual, everyday "I'll trample everybody's privacy simply because I damn well can".
Now just imagine: what would happen to those save-the-children snakeoil peddlers if the whole web were indeed on HTTPS ?
:-o
(Score: 2) by jmorris on Wednesday July 25 2018, @05:04PM
They would direct you to a captive portal offering you their "app" to permit access. It would gimp your browser's certificate store to let them see your traffic. And since people want the access they would install it. Game over.
(Score: 2) by MostCynical on Wednesday July 25 2018, @07:44AM (1 child)
Important to protect children from homework..
https://www.spellingcity.com [spellingcity.com]
https://www.education.vic.gov.au/languagesonline/french/french.htm [vic.gov.au]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @11:06AM
Dude, WTF is wrong with you? I mean really? Once kids know how to spell "sex" they're half way to finding out about it.
(Score: 2, Informative) by MichaelDavidCrawford on Wednesday July 25 2018, @10:44AM (2 children)
I Am Absolutely Serious:
It happens that Michael Patrick Dumble-Smythe's stage name is Michael Crawford.
Dumble-Smythe starred as the phantom in the London stage production of The Phantom Of The Opera.
In no way have any of my websites ever suggested that I had ever been an actor.
Despite that, there were a few years that I _regularly_ received love letters from nine year old girls. I _always_ replied:
"Do your parents know that you're eMailing adult men who are complete strangers to you?"
I got lots of offers for sexual affairs from middle-aged married women as well.
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Funny) by Whoever on Wednesday July 25 2018, @03:17PM (1 child)
How many are called Betty?
(Score: 0) by Anonymous Coward on Thursday July 26 2018, @03:13AM
This list?
https://en.wikipedia.org/wiki/Betty [wikipedia.org]
Or is there something in pop culture that I've missed?