NICAR delivering the news over HTTPS

1. Delivering the news over HTTPS

3. Paul Schreiberpaul.schreiber@ﬁvethirtyeight.com @paulschreiber

18. 15%

26. http://www.bbc.co.uk/ http://www.bbc.co.uk/persian/ ✔

28. HTTP1991–2016

29. HTTP1991–2016

31. Marking HTTP As Non-Secure We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as afﬁrmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.

32. Marking HTTP As Non-Secure We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as afﬁrmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.

34. Deprecating Non-Secure HTTP Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.

38. The HTTPS-Only Standard All browsing activity should be considered private and sensitive. —https.cio.gov

40. A Call to Action If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015. —Eitan Konigsburg, Rajiv Pant and Elena Kvochko “Embracing HTTPS” November 13, 2014

43. HTTPS

46. HTTP

47. HTTPS

51. 2008 HTTPS is slow

52. 2008 HTTPS is slow 2015 HTTPS is fast

63. HTTP 2.0

64. HTTPS

70. SHA-1

71. SHA-1

76. $ sslmate mkconfig

77. https://mozilla.github.io/ server-side-tls/ ssl-config-generator/

78. HTTPS enabled

79. HTTPS enabled HTTPS default

80. HTTPS enabled HTTPS default HSTS

81. HTTPS enabled HTTPS default HSTS HSTS preload

83. content

84. content 😕

85. content 🤔

86. comments

87. ads

88. social

89. analytics

90. CDNs

91. fonts

98. mixedcontent

99. mixedcontent $ mixed-content-scan

100. mixedcontent Content-Security-Policy: upgrade-insecure-requests

101. mixedcontent Content-Security-Policy- Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe- eval'; report-uri: https://myserver.com/log- tool/

102. NoHTTPS? ask nicely.

103. NoHTTPS? SoundCite placehold.it

104. mixedcontent Akamai http://hostname.com → https://a248.e.akamai.net/f/ 12/621/60d/hostname.com

105. <script src="//google.com/… <script src="https://googl… mixedcontent

106. <script src="//google.com/… <script src="https://googl… mixedcontent

107. mixedcontent

109. Many graphics from The Noun Project Mountains by Chris Cole; Statue of Liberty by John Melven; Tombstone by Jakob Wells; Congress by Martha Ormiston; Shield by Wayne Thayer; Books by Ashley van Dyck; Snail by aLf; carrot by Creative Stall; Geolocation by Alexander Smith; Notiﬁcation by vijay sekhar; Microphone by Edward Boatman; Video camera by Pham Thi Dieu Linh; Full screen by Garrett Knoll; Rotation by Lemon Liu; speedmeter by Michal Beno; layers by Muhamad Ulum; arrow by Maurizio Pedrazzoli; stick by Blaise Sewell; Server by Yazmin Alanis; SEO by Azis; Money by Nick Levesque; Shopping cart by Patrizia Daidone; Lock with keyhole by Brennan Novak; Scribble by Michael Chanover; Network by Stephen Boak; Hat based on work by Blake Kimmel. ; Warning by Icomatic; Error by Anas Ramadan.

NICAR delivering the news over HTTPS

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (16)

Similar to NICAR delivering the news over HTTPS

Similar to NICAR delivering the news over HTTPS (20)

More from Paul Schreiber

More from Paul Schreiber (14)

Recently uploaded

Recently uploaded (20)

NICAR delivering the news over HTTPS