Changes

Jump to: navigation, search

Timeline of HTTPS adoption

684 bytes added, 07:09, 19 November 2017
no edit summary
|-
| 2014 || {{dts|November 18}} || Certificate authority || Let's Encrypt || Free HTTPS certificates || {{w|Let's Encrypt}}, a certificate authority service that can issue HTTPS certificates for three months for free (with some limitations on the types of certificate and the conditions under which certificates can be issued), is publicly announced. The service would issue its first certificate on September 14, 2015, and leave beta on April 12, 2016.
|-
| 2015 || {{dts|February}} || Browser || Chrome || HTTP/2 || Chrome begins rolling out support for {{w|HTTP/2}}. Chrome supports HTTP/2 only over HTTPS, even though the standard allows for HTTP/2 outside of HTTPS (through the selective use of encryption).<ref>{{cite web|url = https://blog.chromium.org/2015/02/hello-http2-goodbye-spdy.html|title = Hello HTTP/2, Goodbye SPDY|date = February 9, 2015|accessdate = November 19, 2017|publisher = Chromium}}</ref>
|-
| 2015 || {{dts|June 12}} || Website || Wikipedia || Default HTTPS-only || The Wikimedia Foundation publishes a blog post stating that all properties (including Wikipedia) are being switched over to HTTPS; previously, HTTPS was used only for logged-in users. It seems the switch is being made immediately.<ref>{{cite web|url = https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/|title = Securing access to Wikimedia sites with HTTPS|last = Welinder|first = Yana|last2 = Baranetsky|first2 = Victoria|last3 = Black|first3 = Brandon|date = June 12, 2015|accessdate = September 25, 2016|publisher = Wikimedia Foundation}}</ref><ref>{{cite web|url = http://www.welivesecurity.com/2015/06/15/wikipedia-switches-https-default/|title = Wikipedia switches to HTTPS by default|last = Thomas|first = Karl|date = June 15, 2015|accessdate = September 25, 2016|publisher = WeLiveSecurity}}</ref><ref>{{cite web|url = http://arstechnica.com/security/2015/06/wikipedia-goes-all-https-starting-immediately/|title = Wikipedia goes all-HTTPS, starting immediately. "We believe that the time for HTTPS by default is now."|last = Farivar|first = Cyrus|date = June 15, 2015|accessdate = September 25, 2016|publisher = ''ArsTechnica''}}</ref>
| 2016 || {{dts|August}} || Website || Netflix || Default HTTPS-only || {{w|Netflix}} announces that it is adding TLS encryption to all its video streams, and expects to finish the process by year-end.<ref>{{cite web|url = https://medium.com/netflix-techblog/protecting-netflix-viewing-privacy-at-scale-39c675d88f45|title = Protecting Netflix Viewing Privacy at Scale|date = August 8, 2016|accessdate = November 19, 2017|publisher = Netflix on ''Medium''}}</ref><ref>{{cite web|url = https://www.engadget.com/2016/08/09/netflix-https/|title = Netflix explains how and why it's switching to HTTPS streaming. Adding encryption increases privacy for viewers -- and for Netflix.|date = August 9, 2016|accessdate = November 19, 2017}}</ref>
|-
| 2017 || {{dts|January}} || Browser || Chrome || Security warning || With version 56, {{w|Google Chrome}} begins marking as "Not Secure" (in the address bar) any webpages collecting sensitive data such as passwords or credit-card information without using HTTPS.<ref name=not-secure-october-plans>{{cite web|url = https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/|title = Google Is Requiring HTTPS for Secure Data in Chrome|last = Murray|first = Brock|date = January 21, 2017|accessdate = November 19, 2017}}</ref><refname=zdnet-noose>{{cite web|url = http://www.zdnet.com/article/google-tightens-noose-on-http-chrome-to-stick-not-secure-on-pages-with-search-fields/|title = Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields. In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.|last = Tung|first = Liam|date = April 28, 2017|accessdate = November 15, 2017|publisher = ZDNet}}</ref>
|-
| 2017 || {{dts|March 30}} || Website || Pornhub || Default HTTPS-only || {{w|Pornhub}}, the world's largest pornographic video site, switches to HTTPS-only. Sister service YouPorn is scheduled to go HTTPS-only on April 4.<ref>{{cite web|url = https://www.wired.com/2017/03/pornhub-https-encryption/|title = THE WORLD'S BIGGEST PORN SITE GOES ALL-IN ON ENCRYPTION|last = Barrett|first = Brian|date = March 30, 2017|accessdate = November 9, 2017|publisher = ''Wired''}}</ref><ref>{{cite web|url = https://www.theverge.com/2017/3/30/15125048/pornhub-youporn-https-encryption-privacy|title = Pornhub now turns on encryption by default|last = Garun|first = Natt|date = March 30, 2017|accessdate = November 19, 2017|publisher = ''The Verge''}}</ref>
|-
| 2017 || {{dts|May 22}} || Website || Stack Overflow || Default HTTPS-only || {{w|Stack Overflow}} announces that it has migrated to HTTPS, after four years of work on the migration. All other Stack Exchange websites are also moved over to HTTPS.<ref>{{cite web|url = https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/|title = HTTPS on Stack Overflow: The End of a Long Road|date = May 22, 2017|accessdate = November 19, 2017|last = Craver|first = Nick}}</ref><ref>{{cite web|url = https://stackoverflow.blog/2017/05/22/stack-overflow-flipped-switch-https/|title = How Stack Overflow Flipped the Switch on HTTPS|last = Taylor|first = Anita|date = May 22, 2017|accessdate = November 19, 2017|publisher = Stack Overflow}}</ref>
|-
| 2017 || October || Browser || Chrome || Security warning || Starting with version 62, Chrome begins marking all non-HTTPS webpages as "Not Secure" for users in incognito mode.<ref name=zdnet-noose/>
|}
2,422
edits

Navigation menu