SoylentNews is people
SoylentNews
from the wasn't-worth-the-work...-until-now? dept.
Submitted via IRC for AndyTheAbsurd
As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure". This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We've known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying "this is coming". Yet somehow, we've arrived at today with a sizable chunk of the web still serving traffic insecurely:
The majority of the Internet’s top 1M most popular sites will show up as “Not Secure” in @GoogleChrome starting July 24th. Make sure your site redirects to #HTTPS, so you don’t have the same problem. @Cloudflare makes it easy! #SecureOnChrome https://t.co/G2a0gi2aM8 pic.twitter.com/r2HWkfRofW
— Cloudflare (@Cloudflare) July 23, 2018
Who are these people?! After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP, what sort of sites are left that are neglecting such a fundamental security and privacy basic? I wanted to find out which is why today, in conjunction with Scott Helme, we're launching Why No HTTPS? You can find it over at WhyNoHTTPS.com (served over HTTPS, of course), and it's a who's who of the world's biggest websites not redirecting insecure traffic to the secure scheme:
The article continues with a list of "The World's Most Popular Websites Loaded Insecurely", tools and techniques used to gather the data, different responses based on the version of curl, differences accessing the bare domain name versus with the "www." prefix, and asks for any corrections. One can also access the aforementioned website set up specifically for tracking these results: https://whynohttps.com/.
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @11:11AM (6 children)
Are you in a shortage of those?
How about you come with a realistic plan on how to stop NSA spying on everybody, US citizens included?
Until you do, I'll stick with HTTPS-everywhere, thank you.
Listen to him, just listen.
He's saying: "anyone who doesn't like NSA spying the Internet is redefining oppression. Actually NSA intercepting all traffic is freedom, or at least not-oppression".
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @12:32PM (4 children)
Personally, no. Multiply it by the number of unnecessary SSL web sites.
More power to the house oversight committee and strict limitations on offshoring intelligence gathering when it targets US citizens.
Legislative overreach, weaponization of government [forbes.com] and politicization of the 3 letter agencies [newsmax.com] are the problems. Criminals and terrorists don't get to play the oppression card.
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @01:28PM (3 children)
Yeah, the non-US citizens are all criminals and terrorists. Way to go, brah.
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @02:01PM (2 children)
Non-citizens are not under US constitutional protection. Try again!
(Score: 0) by Anonymous Coward on Wednesday July 25 2018, @02:55PM
The fourth amendment doesn't actually say any such thing.
(Score: 2) by maxwell demon on Wednesday July 25 2018, @10:38PM
The US constitution puts limits on what the US government may do. Unless that limit explicitly is restricted to the case that US citizens are targeted, the limitations are valid no matter who is targeted.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Pino P on Thursday July 26 2018, @06:17PM
I personally currently am not. The administrator of a school in a remote area whose Internet uplink is 128 kbps and harshly metered is.