NY Times Urges News Sites To Embrace HTTPS/SSL... In An Article That Can't Be Read Via HTTPS

from the fail dept

Earlier this year, Techdirt announced that it had gone over to HTTPS as a default to better protect everyone's privacy on this site. As the Freedom of the Press Foundation recently pointed out, it appears that we're one of only three media properties that do so, along with Muckrock and the Intercept. A few others have SSL, but not by default. But most don't even have HTTPS at all.

That's why it was really interesting to see the NY Times publish a piece encouraging news organization to "embrace HTTPS," detailing why it's a good idea, and knocking down many of the excuses that some have used not to move forward. The piece is co-authored by Rajiv Pant, the CTO of the NY Times. Thus, you'd expect that the NY Times has SSL, right? Wrong. Hell, just try to visit that very article with the HTTPS version and you get:
So, kudos to the NYT for pushing HTTPS for news organizations, but it seems like the kind of thing worth doing after you've done it yourself.

Filed Under: https, media sites, ny times, privacy, rajiv pant, security, ssl
Companies: ny times


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Nov 2014 @ 1:38pm

    Americans Say They Want Privacy, but Act as if They Don’t

    An interesting article in the New York Times: “Americans Say They Want Privacy, but Act as if They Don’t”, by Claire Cain Miller, Nov 12, 2014
    Americans say they are deeply concerned about privacy on the web and their cellphones. They say they do not trust Internet companies or the government to protect it. Yet they keep using the services and handing over their personal information. . . .

    Wow.   Who knew?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2014 @ 2:16pm

      Re: Americans Say They Want Privacy, but Act as if They Don’t

      Obama really is like other Americans after all: Say one thing, do another.

      reply to this | link to this | view in chronology ]

    • icon
      McCrea (profile), 14 Nov 2014 @ 5:49pm

      Re: Americans Say They Want Privacy, but Act as if They Don’t

      Most of the fellow Americans I know say we'll never have privacy.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Nov 2014 @ 8:54am

      Re: Americans Say They Want Privacy, but Act as if They Don’t

      And people continue to use Windows and Mac instead of Linux which is free software... And use Google Chrome... and Gmail... and then cry for privacy.

      reply to this | link to this | view in chronology ]

  • icon
    alanbleiweiss (profile), 14 Nov 2014 @ 1:40pm

    Implementation fails

    As someone who audits sites for a living, I can't tell you how sad it is out there. Most site managers / devs who roll out HTTPS make big mistakes.

    I've seen it do so much harm it's pathetic. And the bigger the site, the more likely there's a lack of proper QA testing overall long before a site tries to go "all" HTTPS.

    So this is a perfect example of that.

    reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 14 Nov 2014 @ 2:45pm

      Re: Implementation fails

      So this is a perfect example of that.


      I don't think so. I think this is them not doing it at all, and just saying everyone should. I assume the NYT will be doing it soon, but still odd...

      reply to this | link to this | view in chronology ]

      • icon
        alanbleiweiss (profile), 14 Nov 2014 @ 3:13pm

        Re: Re: Implementation fails

        I disagree. If you're not going to allow proper https functionality, the correct best practices functionality should have the https version automatically redirect via 301 server redirect to the non https version.

        This ensures that anyone getting to the page will actually get a page.

        reply to this | link to this | view in chronology ]

      • icon
        The Wanderer (profile), 20 Jun 2016 @ 6:42am

        Re: Re: Implementation fails

        More than a year and a half later, I just checked; the article is still accessible at the HTTP link, but the HTTPS link still returns a "could not connect to server" error.

        Looks like this was more a "non-binding opinion piece" than anything else...

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2014 @ 1:46pm

    This might have been rushed out. In the headline Urgers should be Urges and in the body encrouaging should be encouraging.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2014 @ 2:11pm

    Do as I say not as I do, down on the farm we call that a hypocrite. Good to see techdirt on board. Hopefully there will be something more secure, open source, and readily available in the near future.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2014 @ 2:12pm

    Is there an opposite for the phrase "preaching to the choir," something like, "preaching by the heathens?"

    Well, I guess it would just be "politician speaks," if we're just going for a phrase that covers the utterance of hypocritical statements.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 14 Nov 2014 @ 2:21pm

    Confusion

    I am trying to figure out who lives in the glass house and should not be throwing stones; is it the NYT, the article author, every media organization that is not supporting https, or everybody else?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2014 @ 2:28pm

    Urgers?

    reply to this | link to this | view in chronology ]

  • icon
    markzip (profile), 14 Nov 2014 @ 4:30pm

    Tracking and advertising

    I suspect that the very biggest reason that the Times has not gotten there yet is revealed in this section:

    The Challenges

    To successfully move to HTTPS, all requests to page assets need to be made over a secure channel. It’s a daunting challenge, and there are a lot of moving parts. We have to consider resources that are currently being loaded from insecure domains — everything from JavaScript to advertisement assets.

    If the assets for an advertisement aren’t able to serve over an HTTPS channel, the advertisement will probably not display on the page, directly affecting revenue. It can be difficult to determine if each advertisement will load over HTTPS. Considering the importance of advertisements, this is very likely to be a significant hurdle to many media organizations’ implementation of HTTPS. While some advertising platforms, including Google’s DoubleClick for Publishers (DFP), do support HTTPS loading, there are still a number of ad networks that may not be HTTPS-compatible.


    That particular NY Times article has references to (at minimum) the following third-party resources:
    Dynamic Yield, Google Analytics, New Relic, Web Trends, Adobe Typekit, Scorecard Research, Revsci, Chartbeat.

    Mike, can you tell us how difficult it was for you guys to go HTTPS? This very TechDirt article is pulling even more third party resources: Bizo, ChartBeat, DoubleClick, Facebook Connect, Flattr, Google Analytics, Google+ Platform, Gravatar, Quantcast, Reddit, Scorecard Research, Twitter Button, Akamai (not sure that counts), Google APIs, Google Tag Services. And possibly others I cannot see.

    Just how much of a challenge is it?

    reply to this | link to this | view in chronology ]

  • identicon
    Calvin, 14 Nov 2014 @ 4:58pm

    HTTPS sucks

    I have an older browser and had been reading this site daily for more than three years. When it started using https, my computer started running hot, so I didn't read as much. And something happened in the past month so that I can't read this site at all unless I switch to a browser I hate.

    What's the point of https on a site like this? All I want to do is read the posts. What's the point of encryption if I'm not sending credit-card information or other personal stuff? Encryption just for the sake of encryption just seems dumb.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Nov 2014 @ 5:21pm

      Re: HTTPS sucks

      What's the point of https on a site like this?

      The articles that I choose to read here at Techdirt, that is, the urls of the pages I visit at this site, ought not to be any business or concern of my ISP. Absent a secure connection, anyone in position to eavesdrop on the communication between my browser and Techdirt's server would be in position to determine which articles I read here.

      The liberty to read in freedom ought to be cherished. See, generally, Tattered Cover v City of Thorton (Colo. 2002).

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2014 @ 11:43pm

    Are we sure this is an actual NYT article or is it some Law enforcement data grab.

    reply to this | link to this | view in chronology ]

  • icon
    toyotabedzrock (profile), 16 Nov 2014 @ 1:39am

    I'm a bit fuzzy on what use a news site needs ssl for.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Nov 2014 @ 8:30am

      Re:

      I'm a bit fuzzy on what use a news site needs ssl for.
      Well, suppose the news site was delivering “communist political propaganda”, as was the case in Lamont v Postmaster General (1965).

      Would you want your neighbors, or your employer, or the government to find out you were reading “communist political propaganda”?

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.