Stories
Slash Boxes
Comments

SoylentNews is people

Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests

posted by martyb on Wednesday July 25 2018, @06:07AM   Printer-friendly
from the wasn't-worth-the-work...-until-now? dept.

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure". This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We've known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying "this is coming". Yet somehow, we've arrived at today with a sizable chunk of the web still serving traffic insecurely:

The majority of the Internet’s top 1M most popular sites will show up as “Not Secure” in @GoogleChrome starting July 24th. Make sure your site redirects to #HTTPS, so you don’t have the same problem. @Cloudflare makes it easy! #SecureOnChrome https://t.co/G2a0gi2aM8 pic.twitter.com/r2HWkfRofW

— Cloudflare (@Cloudflare) July 23, 2018

Who are these people?! After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP, what sort of sites are left that are neglecting such a fundamental security and privacy basic? I wanted to find out which is why today, in conjunction with Scott Helme, we're launching Why No HTTPS? You can find it over at WhyNoHTTPS.com (served over HTTPS, of course), and it's a who's who of the world's biggest websites not redirecting insecure traffic to the secure scheme:

The article continues with a list of "The World's Most Popular Websites Loaded Insecurely", tools and techniques used to gather the data, different responses based on the version of curl, differences accessing the bare domain name versus with the "www." prefix, and asks for any corrections. One can also access the aforementioned website set up specifically for tracking these results: https://whynohttps.com/.

Source: https://www.troyhunt.com/why-no-https-heres-the-worlds-largest-websites-not-redirecting-insecure-requests/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests | Log In/Create an Account | Top | 97 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by toddestan on Thursday July 26 2018, @03:04AM

    by toddestan (4982) on Thursday July 26 2018, @03:04AM (#712888)

    I can't imagine trying to use the modern internet on Windows 95. The first challenge will be trying to find a browser that would render modern websites that also runs on Windows 95. Even if you managed to find one, the amount of Javascript and other bloat on any website one might want to visit would absolutely bring the machine to its knees. Ditto for even running the browser, most of which nowadays have RAM footprints in sizes used to measure harddrives back when Windows 95 was new. Keep in mind a high-end Windows 95 machine is probably 300 MHz with 256 MB of ram. Installing on anything much newer and you'll run into all kinds of driver problems, and even if you manage to cram more RAM into the machine Windows 95 won't know what to do with it (same goes for a second CPU). The hardware would easily be 20 years old.

    Maybe some libraries might still have Windows 95 running an old electronic card catalog (the 1990's style that was a dedicated application before they went web-based), but as a general internet browsing machine? No way.

    Though if you do make websites for Windows 95, maybe you do see a decent amount of visitors because you probably got the market cornered :)

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2