I made harrywood.co.uk run on HTTPS recently. Quite easy to do, and free using letsencrypt
Why encrypt harrywood.co.uk?
On the face of it there’s not much point. This is mostly just a straightforward read-only website. Not much scope for bad people to be snooping anything interesting. No passwords or credit cards or anything. General “tracking” doesn’t seem particularly problematic either. Who really cares if somebody can track the fact that you’ve been visiting these sweet innocent innocuous blog posts? Well…
Some types of commercial web tracking only tend to get creepy when they happen in bulk. The evil corporate advertising machine won’t learn much about you from knowing you read a blog post on harrywood.co.uk, but it might start to know you pretty well if it knows this and the previous thousand websites you visited. Encryption throws a spanner in the works for some types of tracking.
Government tracking by intelligence agencies, is also thwarted by encryption (more so probably). They would also like to intercept your browsing traffic to get to know you with their big evil AI. Now sometimes I think it’s fair enough for governments to do a bit of anti-terrorism targeted snooping, but the trouble is it’s too easy for politicians to make that simple-minded argument. The flipside is a subtle future threat of eroded freedoms. That’s tricky, and in general I don’t trust politicians to weigh it up properly. We can use technical measures (encryption!) to help things move in a more freedom preserving direction.
Tracking is a numbers game, done across many websites, and equally encryption as a counter-measure is more effective if we encrypt many websites. If we start to be able to browse a significant proportion of the web in HTTPS, even right down to piddly little websites like this one, then we’ll be getting somewhere. As a result it’s becoming recommendation and slowly a sort of groundswell of expectation on webmasters to do this. It’s slow to get lazy webmasters like me to do something like this, but …well now’s the time for harrywood.co.uk (Who knows? One day I may actually work on updating the content!)
Encryption helps protect against password snooping security issues. harrywood.co.uk has no user passwords, except… my own password for logging in to write blog posts. I’ve probably used this from public wifi access points in the past. Slapped wrists for me. But now I guess I can be a little more relaxed about that. Speaking of wifi, wifi javascript injection (attacks or just crappy advertising) seems like a nasty problem. Are we safe using any wifi these days? Well we’re a lot safer from this when browsing HTTPS sites.
this article describing unhealthy security absolutism is an interesting read. I’m not using CloudFlare, so that’s not relevant, but it’s an interesting caveat on the browsers ‘https’ icon. Lots of good general points about HTTPs security there too
I seem to end up on this blog a lot: Jeff Atwood codinghorror.com blog – Let’s Encrypt Everything. I like the graph show SSL adoption growth