Delivering the news over HTTPS
Paul Schreiber, paul.schreiber@fivethirtyeight.com
@paulschreiber

NICAR delivering the news over HTTPS

Lots of websites — from Wikipedia to Reddit to the Washington Post — are moving towards encrypting all of their web traffic to protect their readers' privacy. We'll talk about what this all means (benefits, downsides) and problems we've encountered moving to HTTPS (and how we solved them).

  1. Delivering the news over HTTPS
  2. Paul Schreiber, paul.schreiber@fivethirtyeight.com, @paulschreiber
  3. 15%
  4. http://www.bbc.co.uk/ http://www.bbc.co.uk/persian/ ✔
  5. HTTP 1991–2016
  6. HTTP 1991–2016
  7. Marking HTTP As Non-Secure: We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.
  8. Marking HTTP As Non-Secure: We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security.
  9. Deprecating Non-Secure HTTP: Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
  10. Deprecating Non-Secure HTTP: Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
  11. Deprecating Non-Secure HTTP: Today we are announcing our intent to phase out non-secure HTTP. There are two broad elements of this plan: 1. Setting a date after which all new features will be available only to secure websites 2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
  12. The HTTPS-Only Standard: All browsing activity should be considered private and sensitive. —https.cio.gov
  13. A Call to Action: If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015. —Eitan Konigsburg, Rajiv Pant and Elena Kvochko, “Embracing HTTPS”, November 13, 2014
  14. HTTPS
  15. HTTP
  16. HTTPS
  17. 2008: HTTPS is slow
  18. 2008: HTTPS is slow; 2015: HTTPS is fast
  19. HTTP 2.0
  20. HTTPS
  21. SHA-1
  22. SHA-1
  23. $ sslmate mkconfig
  24. https://mozilla.github.io/server-side-tls/ssl-config-generator/
  25. HTTPS enabled
  26. HTTPS enabled; HTTPS default
  27. HTTPS enabled; HTTPS default; HSTS
  28. HTTPS enabled; HTTPS default; HSTS; HSTS preload
  29. content
  30. content 😕
  31. content 🤔
  32. comments
  33. ads
  34. social
  35. analytics
  36. CDNs
  37. fonts
  38. mixed content
  39. mixed content: $ mixed-content-scan
  40. mixed content: Content-Security-Policy: upgrade-insecure-requests
  41. mixed content: Content-Security-Policy-Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://myserver.com/log-tool/
  42. No HTTPS? Ask nicely.
  43. No HTTPS? SoundCite, placehold.it
  44. mixed content: Akamai: http://hostname.com → https://a248.e.akamai.net/f/12/621/60d/hostname.com
  45. mixed content: <script src="//google.com/… ; <script src="https://googl…
  46. mixed content: <script src="//google.com/… ; <script src="https://googl…
  47. mixed content
  48. Many graphics from The Noun Project: Mountains by Chris Cole; Statue of Liberty by John Melven; Tombstone by Jakob Wells; Congress by Martha Ormiston; Shield by Wayne Thayer; Books by Ashley van Dyck; Snail by aLf; carrot by Creative Stall; Geolocation by Alexander Smith; Notification by vijay sekhar; Microphone by Edward Boatman; Video camera by Pham Thi Dieu Linh; Full screen by Garrett Knoll; Rotation by Lemon Liu; speedmeter by Michal Beno; layers by Muhamad Ulum; arrow by Maurizio Pedrazzoli; stick by Blaise Sewell; Server by Yazmin Alanis; SEO by Azis; Money by Nick Levesque; Shopping cart by Patrizia Daidone; Lock with keyhole by Brennan Novak; Scribble by Michael Chanover; Network by Stephen Boak; Hat based on work by Blake Kimmel; Warning by Icomatic; Error by Anas Ramadan.
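
Slides 25 to 28 describe a rollout ladder: HTTPS enabled, HTTPS default, HSTS, HSTS preload. The following is an added example, not code from the talk, that classifies a site onto that ladder from its responses on port 80 and port 443; the function names and sample responses are constructed, and the preload thresholds are the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains, preload).

```python
PRELOAD_MIN_AGE = 31536000  # one year: the hstspreload.org submission minimum
REDIRECTS = (301, 302, 307, 308)

def parse_hsts(value):
    """Return (max_age or None, set of other lowercased directive names)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            max_age = int(arg) if arg.isascii() and arg.isdigit() else None
        elif name:
            flags.add(name)
    return max_age, flags

def rollout_stage(http_resp, https_resp):
    """Each response is (status, {lowercased header name: value}), or None if unreachable."""
    if https_resp is None or https_resp[0] >= 400:
        return "HTTP only"
    status, headers = http_resp or (None, {})
    if status not in REDIRECTS or not headers.get("location", "").lower().startswith("https://"):
        return "HTTPS enabled"   # port 80 does not send visitors to HTTPS
    # Only the header on the HTTPS response counts: browsers ignore HSTS sent over HTTP.
    max_age, flags = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if not max_age:
        return "HTTPS default"   # no header, unparsable, or max-age=0 (which clears HSTS)
    if max_age >= PRELOAD_MIN_AGE and {"includesubdomains", "preload"} <= flags:
        return "HSTS preload-ready"
    return "HSTS"

# Constructed responses for a placeholder host.
TO_HTTPS = (301, {"location": "https://news.example.com/"})
SAMPLES = {
    "sts-over-http": ((200, {"strict-transport-security": "max-age=63072000"}), (200, {})),
    "redirect-only": (TO_HTTPS, (200, {})),
    "short-hsts": (TO_HTTPS, (200, {"strict-transport-security": "max-age=86400"})),
    "preload": (TO_HTTPS, (200, {"strict-transport-security":
                                 "max-age=63072000; includeSubDomains; preload"})),
}

def classify_samples():
    return {name: rollout_stage(*pair) for name, pair in SAMPLES.items()}
```

The last rung is reported as "preload-ready" because whether a domain is actually on a browser's preload list cannot be read from its headers.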
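
Slides 38 to 40 and 45 to 46 concern mixed content: finding it, having the browser upgrade it, and scheme-relative versus explicit https:// script URLs. The following is an added example, not the `mixed-content-scan` tool named on slide 39 and not code from the talk, that finds insecure subresources in one HTML document and shows the URL `upgrade-insecure-requests` would request instead; the sample page and hosts are constructed.

```python
from html.parser import HTMLParser
# (tag, attribute) pairs that fetch a subresource, and how an http:// load of
# each is classed when the page itself is served over https://.
FETCHES = {
    ("script", "src"): "active",   # scripts, frames, stylesheets: blockable
    ("iframe", "src"): "active",
    ("link", "href"): "active",
    ("img", "src"): "passive",     # display content, historically loaded with a warning
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, category, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower().split():
            return  # rel=canonical and similar are not fetched as subresources
        for (t, attr), category in FETCHES.items():
            url = attrs.get(attr, "").strip()
            if t != tag or not url:
                continue
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, category, url))
            elif url.startswith("//"):
                # Scheme-relative: only goes over TLS if the page itself did.
                self.findings.append((self.getpos()[0], tag, "scheme-relative", url))

def scan(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def upgraded(url):
    """The URL a browser requests instead under upgrade-insecure-requests."""
    return "https://" + url[7:] if url.lower().startswith("http://") else url

# Constructed sample page; every host is a placeholder.
SAMPLE = """<html><head>
<link rel="canonical" href="http://news.example.com/story">
<link rel="stylesheet" href="http://fonts.example.org/css?family=Lato">
<script src="//cdn.example.org/analytics.js"></script>
</head><body>
<a href="http://other.example.net/">plain link, not a subresource</a>
<img src="http://img.example.org/chart.png">
<iframe src="https://embed.example.org/player"></iframe>
</body></html>"""
```

The upgrade only helps when the third party actually answers on HTTPS at the same host and path, which is the case slides 42 and 43 are about.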
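
Slide 41 sets a Report-Only policy that allows only https: sources and sends violations to a report-uri endpoint. The following is an added example, not code from the talk, of triaging what such an endpoint receives: it parses the JSON bodies browsers POST (an object under the `csp-report` key) and ranks the insecure hosts to chase; the sample reports are constructed and trimmed to the two fields used.

```python
import json
from collections import Counter, defaultdict
from urllib.parse import urlsplit

def triage(raw_reports):
    """Return (hits per insecure host, pages per host, number of reports ignored)."""
    hits, pages, ignored = Counter(), defaultdict(set), 0
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            blocked = urlsplit(str(report["blocked-uri"]))
            page = urlsplit(str(report["document-uri"])).path
        except (ValueError, KeyError, TypeError):
            ignored += 1   # the endpoint is unauthenticated, so expect junk
            continue
        if blocked.scheme != "http" or not blocked.hostname:
            ignored += 1   # extension, blob: or inline violations are not mixed content
            continue
        hits[blocked.hostname] += 1
        pages[blocked.hostname].add(page)
    return hits, pages, ignored

def worklist(raw_reports):
    """Insecure hosts, most frequently reported first, with the pages that load them."""
    hits, pages, _ = triage(raw_reports)
    return [(host, n, sorted(pages[host])) for host, n in hits.most_common()]

def _report(page, blocked):
    return json.dumps({"csp-report": {"document-uri": page, "blocked-uri": blocked}})

# Constructed sample reports; all hosts are placeholders.
SAMPLE = [
    _report("https://news.example.com/politics/a", "http://fonts.example.org"),
    _report("https://news.example.com/sports/b", "http://fonts.example.org"),
    _report("https://news.example.com/sports/b", "http://ads.example.net"),
    _report("https://news.example.com/sports/b", "chrome-extension://abcdefgh"),
    "not json at all",
]
```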
