Enlarge
We are excited to announce that Ars Technica has made the jump to greater security: we now have HTTPS browsing by default.

The switch to encryption will help secure your connection to Ars from eavesdropping by unauthorized parties (emphasis on the “help,” since browsing with HTTPS is only one part of a sane defense-in-depth strategy, and lots of browsing metadata is exposed regardless of whether or not you use HTTPS).

For most readers, the change will be a transparent one.

Browser address bars will show a green SSL/TLS notification, but everything else should remain the same. We hope we’ve anticipated potential problems, but if you run into any issues, please let us know via this Google form.
It has been a long and winding road to get here, primarily because external assets and services we depend on weren’t all ready for HTTPS when we were.

Changing the default schema on a complex site like Ars—which is really a mix of static assets and dynamic Web apps, serving over 60 million pages per month to 15 million readers on a distributed bunch of physical and virtual servers—isn’t a trivial endeavor (a big shout out to Scott Helme, who has put together some amazing informational resources and a free reporting service to help sites ease their transition to HTTPS).
Where we go from here
Now that this step is complete, there are other things we’d like to do to push forward our role in advancing the encrypted-by-default Web and to take our SSL/TLS setup from acceptable to exceptional.
Read 9 remaining paragraphs

Leave a Reply