NY Times Urges News Sites To Embrace HTTPS/SSL… In An Article That Can't Be Read Via HTTPS

from the fail dept

Earlier this year, Techdirt announced that it had gone over to HTTPS as a default to better protect everyone’s privacy on this site. As the Freedom of the Press Foundation recently pointed out, it appears that we’re one of only three media properties that do so, along with Muckrock and the Intercept. A few others have SSL, but not by default. But most don’t even have HTTPS at all.

That’s why it was really interesting to see the NY Times publish a piece encouraging news organization to “embrace HTTPS,” detailing why it’s a good idea, and knocking down many of the excuses that some have used not to move forward. The piece is co-authored by Rajiv Pant, the CTO of the NY Times. Thus, you’d expect that the NY Times has SSL, right? Wrong. Hell, just try to visit that very article with the HTTPS version and you get:

So, kudos to the NYT for pushing HTTPS for news organizations, but it seems like the kind of thing worth doing after you’ve done it yourself.

Filed Under: , , , , , ,
Companies: ny times

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NY Times Urges News Sites To Embrace HTTPS/SSL… In An Article That Can't Be Read Via HTTPS”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Americans Say They Want Privacy, but Act as if They Don’t

An interesting article in the New York Times: “Americans Say They Want Privacy, but Act as if They Don’t”, by Claire Cain Miller, Nov 12, 2014

Americans say they are deeply concerned about privacy on the web and their cellphones. They say they do not trust Internet companies or the government to protect it. Yet they keep using the services and handing over their personal information. . . .

Wow.   Who knew?

alanbleiweiss (profile) says:

Implementation fails

As someone who audits sites for a living, I can’t tell you how sad it is out there. Most site managers / devs who roll out HTTPS make big mistakes.

I’ve seen it do so much harm it’s pathetic. And the bigger the site, the more likely there’s a lack of proper QA testing overall long before a site tries to go “all” HTTPS.

So this is a perfect example of that.

markzip (profile) says:

Tracking and advertising

I suspect that the very biggest reason that the Times has not gotten there yet is revealed in this section:

The Challenges

To successfully move to HTTPS, all requests to page assets need to be made over a secure channel. It’s a daunting challenge, and there are a lot of moving parts. We have to consider resources that are currently being loaded from insecure domains — everything from JavaScript to advertisement assets.

If the assets for an advertisement aren’t able to serve over an HTTPS channel, the advertisement will probably not display on the page, directly affecting revenue. It can be difficult to determine if each advertisement will load over HTTPS. Considering the importance of advertisements, this is very likely to be a significant hurdle to many media organizations’ implementation of HTTPS. While some advertising platforms, including Google’s DoubleClick for Publishers (DFP), do support HTTPS loading, there are still a number of ad networks that may not be HTTPS-compatible.

That particular NY Times article has references to (at minimum) the following third-party resources:
Dynamic Yield, Google Analytics, New Relic, Web Trends, Adobe Typekit, Scorecard Research, Revsci, Chartbeat.

Mike, can you tell us how difficult it was for you guys to go HTTPS? This very TechDirt article is pulling even more third party resources: Bizo, ChartBeat, DoubleClick, Facebook Connect, Flattr, Google Analytics, Google+ Platform, Gravatar, Quantcast, Reddit, Scorecard Research, Twitter Button, Akamai (not sure that counts), Google APIs, Google Tag Services. And possibly others I cannot see.

Just how much of a challenge is it?

Calvin says:

HTTPS sucks

I have an older browser and had been reading this site daily for more than three years. When it started using https, my computer started running hot, so I didn’t read as much. And something happened in the past month so that I can’t read this site at all unless I switch to a browser I hate.

What’s the point of https on a site like this? All I want to do is read the posts. What’s the point of encryption if I’m not sending credit-card information or other personal stuff? Encryption just for the sake of encryption just seems dumb.

Anonymous Coward says:

Re: HTTPS sucks

What’s the point of https on a site like this?

The articles that I choose to read here at Techdirt, that is, the urls of the pages I visit at this site, ought not to be any business or concern of my ISP. Absent a secure connection, anyone in position to eavesdrop on the communication between my browser and Techdirt’s server would be in position to determine which articles I read here.

The liberty to read in freedom ought to be cherished. See, generally, Tattered Cover v City of Thorton (Colo. 2002).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...