2,438
edits
Changes
no edit summary
| 2010 || {{dts|January 12}} || Website || Google (GMail) || Default HTTPS-only || Google switches all GMail users to redirect to HTTPS; users can change their setings to not redirect to HTTPS. Previously, the default option for this setting was to not redirect, and users had to explicitly choose the option to redirect HTTP to HTTPS.<ref>{{cite web|url = https://gmail.googleblog.com/2010/01/default-https-access-for-gmail.html|title = Default https access for Gmail|date = January 12, 2010|accessdate = November 19, 2017|publisher = Google|last = Schillace|first = Sam}}</ref>
|-
| 2010 || {{dts|June 17}} || Browser extension || HTTPS Everywhere || || The {{w|Electronic Frontier Foundation}} and {{w|The Tor Project, Inc}} launch {{w|HTTPS Everywhere}}, a {{w|Firefox}} extension, to make Firefox use HTTPS where possible.<ref>{{cite web|url = https://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension|title = Encrypt the Web with the HTTPS Everywhere Firefox Extension|last = Eckersley|first = Peter|date = June 17, 2010|accessdate = November 19, 2017|publisher = Electronic Frontier Foundation}}</ref> The extension would evolve over the coming years. As of 2017, it is supported on Firefox, Chrome, and Opera.<ref name=https-everywhere>{{cite web|url = https://www.eff.org/https-everywhere|title = HTTPS Everywhere|accessdate = November 19, 2017}}</ref>|-| 2010 || {{dts|June 2}} || Browser enhancement || SSL False Start || || A Google team comprising Adam Langley, Nagendra Modadugu, and Bodo Moeller propose SSL False Start, a client-side only change to reduce one round-trip from the SSL handshake.<ref>{{cite web|url = https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00|title = Transport Layer Security (TLS) False Start|date = June 2, 2010|accessdate = November 19, 2017|publisher = Internet Engineering Task Force}}</ref><ref>{{cite web|url = https://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html|title = SSL FalseStart Performance Results|date = May 18, 2011|accessdate = November 19, 2017|publisher = Chromium blog}}</ref><ref>{{cite web|url = https://www.imperialviolet.org/2010/09/05/blacklisting.html|title = Changing HTTPS|date = September 5, 2010|accessdate = November 19, 2017|publisher = Imperial Violet}}</ref> Despite tests showing that it reduces latency by 30%, the effort would be abandoned in April 2012 because of incompatible with some servers doing early HTTPS termination.<ref>{{cite web|url = https://arstechnica.com/information-technology/2012/04/google-abandons-noble-experiment-to-make-ssl-less-painful/|title = False Start’s sad demise: Google abandons noble attempt to make SSL less painful|last = Goodin|first = Dan|date = April 12, 2012|accessdate = November 19, 2017}}</ref>
|-
| 2011 || {{dts|January}} || Website || Facebook || Opt-in HTTPS-only || {{w|Facebook}} begins allowing logged-in users to opt in to have all their Facebook browsing encrypted by HTTPS.<ref name=facebook-https-default>{{cite web|url = https://techcrunch.com/2012/11/18/facebook-https/|title = Facebook Could Slow Down A Tiny Bit As It Starts Switching All Users To Secure HTTPS Connections|last = Constine|first = Josh|date = November 18, 2012|accessdate = November 19, 2017|publisher = ''TechCrunch''}}</ref>
|-
| 2013 || {{dts|August 21}} (actual release), August 1 (announcement) || Website || Wikipedia || Default HTTPS-only || Wikimedia Foundation turns on HTTPS for all logged-in users (announcement August 1).<ref>{{cite web|url = https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/|title = The future of HTTPS on Wikimedia projects|date = August 1, 2013|accessdate = September 25, 2016|publisher = Wikimedia Foundation|last = Lane|first = Ryan}}</ref><ref>{{cite web|url = https://www.fastcompany.com/3015199/the-code-war/after-nsas-xkeyscore-wikipedia-switches-to-secure-https|title = After NSA's XKeyscore, Wikipedia Switches To Secure HTTPS. The Wikimedia Foundation has announced it's pushing ahead with plans to secure its online systems due to NSA targeting.|last = Eaton|first = Kit|publisher = ''Fast Company''|date = August 2, 2013|accessdate = September 25, 2016}}</ref>
|-
| 2014 || {{dts|September 8}} || Website || Reddit || Opt-in HTTPS-only || Reddit gives logged-in users the option of using the site purely on HTTPS.<ref>{{cite web|url = https://redditblog.com/2014/09/08/hell-its-about-time-reddit-now-supports-full-site-https/|title = Hell, It’s About Time – reddit now supports full-site HTTPS|date = September 8, 2014|accessdate = November 19, 2017|publisher = Reddit}}</ref>
|-
| 2014 || {{dts|November 18}} || Certificate authority || Let's Encrypt || Free HTTPS certificates || {{w|Let's Encrypt}}, a certificate authority service that can issue HTTPS certificates for three months for free (with some limitations on the types of certificate and the conditions under which certificates can be issued), is publicly announced. The service would issue its first certificate on September 14, 2015, and leave beta on April 12, 2016.
|-
| 2015 || {{dts|June 12}} || Website || Wikipedia || Default HTTPS-only || The Wikimedia Foundation publishes a blog post stating that all properties (including Wikipedia) are being switched over to HTTPS; previously, HTTPS was used only for logged-in users. It seems the switch is being made immediately.<ref>{{cite web|url = https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/|title = Securing access to Wikimedia sites with HTTPS|last = Welinder|first = Yana|last2 = Baranetsky|first2 = Victoria|last3 = Black|first3 = Brandon|date = June 12, 2015|accessdate = September 25, 2016|publisher = Wikimedia Foundation}}</ref><ref>{{cite web|url = http://www.welivesecurity.com/2015/06/15/wikipedia-switches-https-default/|title = Wikipedia switches to HTTPS by default|last = Thomas|first = Karl|date = June 15, 2015|accessdate = September 25, 2016|publisher = WeLiveSecurity}}</ref><ref>{{cite web|url = http://arstechnica.com/security/2015/06/wikipedia-goes-all-https-starting-immediately/|title = Wikipedia goes all-HTTPS, starting immediately. "We believe that the time for HTTPS by default is now."|last = Farivar|first = Cyrus|date = June 15, 2015|accessdate = September 25, 2016|publisher = ''[[ArsTechnica]]''}}</ref>
|-
| 2015 || {{dts|June}} || Website || Reddit || Default HTTPS-only || {{w|Reddit}} switches to HTTPS-only, with users being automatically redirected from HTTP to HTTPS.<ref>{{cite web|url = https://motherboard.vice.com/en_us/article/kbzj7y/reddit-switches-to-https-encryption-by-default|title = Reddit Switches to Encryption By Default. The internet giant will switch to HTTPS by default by the end of the month.|author = Lorenzo Franceschi-Bicchierai|date = June 17, 2015|accessdate = NOvember 19, 2017|publisher = ''Vice''}}</ref><ref>{{cite web|url = https://www.reddit.com/r/redditdev/comments/39zje0/reddit_will_soon_only_be_available_over_https/|title = reddit will soon only be available over HTTPS (self.redditdev)|date = June 16, 2015|accessdate = November 19, 2017|publisher = Reddit}}</ref>
|-
| 2017 || {{dts|May 22}} || Website || Stack Overflow || Default HTTPS-only || {{w|Stack Overflow}} announces that it has migrated to HTTPS, after four years of work on the migration. All other Stack Exchange websites are also moved over to HTTPS.<ref>{{cite web|url = https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/|title = HTTPS on Stack Overflow: The End of a Long Road|date = May 22, 2017|accessdate = November 19, 2017|last = Craver|first = Nick}}</ref><ref>{{cite web|url = https://stackoverflow.blog/2017/05/22/stack-overflow-flipped-switch-https/|title = How Stack Overflow Flipped the Switch on HTTPS|last = Taylor|first = Anita|date = May 22, 2017|accessdate = November 19, 2017|publisher = Stack Overflow}}</ref>
|}
== References ==
{{reflist|30em}}
