Tuesday, January 01, 2013

Should all sites be expected to have https, even if there are no logons?


Electronic Frontier Foundation is reporting that all websites should turn on https all the time, as a way to defeat state-sponsored surveillance.  The New Year’s article bu Dan Auerbach is here

Encryption with https will not by itself prevent visitors from getting malware, however.

I’m not sure how relevant this comment is to a site like my doaskdotell.com that does not provide logons for visitors, but that is completely open to everyone and does not track.  I’m not sure either how relevant is its to “ordinary” blogs like this one. 

The subject could be further nuanced by recent FTC rules on preventing even inadvertent collection of data from minors without parental permission.  Maybe https gets relevant.  See my "COPA" blog today and Dec. 20 posting here. 

Put possibly visitors in less democratic countries would attract surveillance. For example, I know from Urchin that doaskdotell.com gets visits from Saudi Arabia and Pakistan (but not China, where it seems to be blocked).

How to implement (https) would depend on your hosting and server.  Apparently windows is different from Unix.  For starters, I found this Wiki link on how to get started on Apache, link
  
This is surely an evolving subject. 

No comments: