Reddit has announced this week that it will move all users across to HTTPS encryption by default from 29th June.
The popular website has been available since September last year over HTTPS, however it was always an optional upgrade.
“When using HTTPS on reddit, your connection will be fully encrypted. Anyone watching your connection (such as WiFi hotspot providers) will be unable to see the plain-text contents of what your browser is communicating with reddit. This helps ensure that your communications with reddit, including your authentication credentials and cookies, will not be viewable through the use of man-in-the-middle attacks,” explained reddit systems administrator Jason Harvey in a blog post.
Reddit, the self-proclaimed “front page of the internet”, is just the latest in a string of major websites to move over to HTTPS encryption. Microsoft’s Bing also announced earlier this week that it would encrypt all traffic by default over the next few months. Netflix and Wikimedia are also planning a similar move.
Google has started to rank websites without HTTPS lower in its search rankings, and itself disabled the option to turn off HTTPS encryption across Gmail.
While HTTPS is a common security feature on sites dealing with sensitive data such as online banking, social networking and email services, many website operators still use the unencrypted HTTP protocol, hesitant to support HTTPS due to the cost of certification and the complexity of enabling it.
“The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update,” explained Josh Aas, executive director at the Internet Security Research Group (ISRG).
However, projects such as the recently launched, ISRG-backed ‘Let’s Encrypt’ initiative could provide the answer to these hurdles by offering free digital SSL/TLS certificates to the general public from September.