Naked Security now available in HTTPS


padlockOK, it isn’t the biggest news story ever but if we didn’t tell you, you wouldn’t know. So here it is – every page of Naked Security is now available to everyone over HTTPS (including the one you’re reading).

HTTPS is the secure, encrypted, version of the Hypertext Transfer Protocol – the language that your web browser uses when it’s talking to a website.

Using HTTPS instead of HTTP means that any data you send or receive, such as pages, cookies, images, comments, personal data or passwords, is encrypted and therefore unintelligible to anyone trying to eavesdrop on what you’re doing.

Since the earliest days of the web, HTTPS has been used to keep sensitive information like passwords and credit card numbers safe.

As web users have begun to understand how blanket surveillance works, and how it can make use of very large amounts of apparently mundane data, the demand for more routine use of encryption has grown.

Of course we haven’t just discovered HTTPS – the Naked Security team has always used HTTPS when logged in for tasks such as publishing articles, processing comments and carrying out administrative tasks.

However because Naked Security is hosted by WordPress VIP, the pages that need encryption have also had to use a certificate and subdomain. A result of that was that we couldn’t use HTTPS with the site’s well known and trusted public domain –

It was a situation we lived with but we long-harboured a desire to offer you, our readers, the option of using HTTPS, even though what you are reading is already publicly-available information.

When the folks at WordPress VIP told us they were piloting the use of Server Name Indication (SNI), a technology that would allow us to offer HTTPS with the domain name our users know and trust, we jumped at the chance.

SNI will ‘just work’ for most people but isn’t supported by some very old software.

By the way, if you are browsing the web using technology that’s so old that it doesn’t support SNI, most notably Internet Explorer on Windows XP, then you likely have far more serious security problems to worry about than certificate errors on Naked Security and you probably shouldn’t be connected to the internet at all!

If you’d like to make sure you always read Naked Security over an encrypted connection then we recommend the Electronic Frontier Foundation’s HTTPS Everywhere. It’s a plugin that forces your browser to use HTTPS wherever it’s available.

To use HTTPS Everywhere with Naked Security either configure it according to your own preference or download our HTTPS Everywhere ruleset and save it to the appropriate place on your system.