
@Bryan171

Secrecy

Since your content is public, HTTPS obviously won't hide it, but it might provide some benefits depending on the nature of your site.

Privacy

When someone requests a page over HTTPS, the request is encrypted, so if someone is watching your visitors, they won't know which pages they requested. Unfortunately, DNS (the system for getting an IP address based on your website's domain name) isn't encrypted, so an observer could still identify who visits your website. Even if that were encrypted, in most cases you could still tell which website someone is visiting based on IP addresses, which can't be hidden in the internet's current design.

Wikipedia offers HTTPS, which you might think is pointless because the content is public, but by doing this they protect their users: If someone is looking up "unpatriotic" things on Wikipedia (using HTTPS), their government can't tell which pages they're reading, just that they're on Wikipedia. Twitter is another case: the content itself is public, but people don't necessarily want other people to know what they're doing on it.

Password Security

The other major reason you might want to consider HTTPS is if you have any login pages or other places where you accept private data from users (including yourself). If you don't support HTTPS at all, passwords and other information will be sent "in the clear", and anyone who can read network data can see them (the scary case used to be other people on the same Wi-Fi network as you; now it also includes various government agencies looking for blackmail material).

If you just support HTTPS on the login page, but not anywhere else, a clever attacker will intercept every page except the login page, and change the "Login" link to not use HTTPS, then intercept your communication (and if you force that page to HTTPS, they can just intercept the traffic and provide a fake version of it that does work). You can prevent this by always checking for a lock icon in your URL bar before logging in, but almost no one remembers to do that every time.

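A site owner can check their own pages for the situation described under "Password Security" above. The following is an added example, not part of the original answer: it flags login links and password forms that either target plain HTTP or sit on a page that was itself delivered over HTTP. The function name `audit_page`, the finding labels, the login keywords and the `example.test` pages are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _Targets(HTMLParser):
    """Collect <a href> values and the action of every form holding a password field."""

    def __init__(self):
        super().__init__()
        self.links, self.pw_forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action") or "", "counted": False}
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._form and not self._form["counted"]:
                self._form["counted"] = True
                self.pw_forms.append(self._form["action"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_page(page_url, html, login_words=("login", "signin", "sign-in")):
    """Return (finding, target_url) pairs for login paths exposed to plain HTTP."""
    parser = _Targets()
    parser.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    login_links = [t for t in (urljoin(page_url, h) for h in parser.links)
                   if any(w in t.lower() for w in login_words)]
    for kind, targets in (("login-link", login_links),
                          ("password-form", [urljoin(page_url, a) for a in parser.pw_forms])):
        for target in targets:
            if urlsplit(target).scheme != "https":
                findings.append((kind + "-cleartext-target", target))
            elif not page_https:
                # HTTPS target, but the page carrying it arrived over HTTP and
                # can be rewritten in transit, which is the case the answer describes.
                findings.append((kind + "-on-http-page", target))
    return findings


# Constructed sample pages (example.test is a placeholder host).
HOME = '<a href="https://example.test/login">Login</a> <a href="/about">About</a>'
LOGIN = '<form action="/session"><input name="u"><input type="password" name="p"></form>'
```

An empty result for every page of a site means each login path starts and ends on HTTPS; any `-on-http-page` finding means the page carrying the link or form needs to be served over HTTPS as well.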