Changes

Jump to: navigation, search

Timeline of HTTPS adoption

4,476 bytes added, 17:34, 19 November 2017
no edit summary
| 2000 || {{dts|May}} || Standard || RFC 2818 || || RFC 2818 of the {{w|Internet Engineering Task Force}} describes the standard for HTTPS, using HTTP over {{w|Transport Layer Security}} (TLS). This is considered a superior, more secure form of HTTPS than HTTPS over SSL.
|-
| 2008 || {{dts|July 24}} || Website || Google (GMailGmail) || Opt-in HTTPS-only || Google adds a setting in GMail Gmail for users to always use HTTPS. Even before this, users could (since the inception of GMailGmail) access it securely by explicitly typing https:// in the browser. With the new setting, users who have opted in to it will be redirected from HTTP to HTTPS.<ref>{{cite web|url = https://gmail.googleblog.com/2008/07/making-security-easier.html|title = Making security easier|date = July 24, 2008|accessdate = November 19, 2017|last = Rideout|first = Ariel|publisher = Google}}</ref>
|-
| 2010 || {{dts|January 12}} || Website || Google (GMailGmail) || Default HTTPS-only || Google switches all GMail Gmail users to redirect to HTTPS; users can change their setings to not redirect to HTTPS. Previously, the default option for this setting was to not redirect, and users had to explicitly choose the option to redirect HTTP to HTTPS.<ref>{{cite web|url = https://gmail.googleblog.com/2010/01/default-https-access-for-gmail.html|title = Default https access for Gmail|date = January 12, 2010|accessdate = November 19, 2017|publisher = Google|last = Schillace|first = Sam}}</ref>
|-
| 2010 || {{dts|June 17}} || Browser extension || HTTPS Everywhere || || The {{w|Electronic Frontier Foundation}} and {{w|The Tor Project, Inc}} launch {{w|HTTPS Everywhere}}, a {{w|Firefox}} extension, to make Firefox use HTTPS where possible.<ref>{{cite web|url = https://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension|title = Encrypt the Web with the HTTPS Everywhere Firefox Extension|last = Eckersley|first = Peter|date = June 17, 2010|accessdate = November 19, 2017|publisher = Electronic Frontier Foundation}}</ref> The extension would evolve over the coming years. As of 2017, it is supported on Firefox, Chrome, and Opera.<ref name=https-everywhere>{{cite web|url = https://www.eff.org/https-everywhere|title = HTTPS Everywhere|accessdate = November 19, 2017}}</ref>
|-
| 2013 || {{dts|October 24}}, 25 || Website || Internet Archive || Default HTTPS-only || The {{w|Internet Archive}} announces that its websites archive.org (which includes the {{w|Wayback Machine}} at web.archive.org) and openlibrary.org are defaulted to HTTPS-only, though they will still be available over HTTP.<ref>{{cite web|url = http://blog.archive.org/2013/10/25/reader-privacy-at-the-internet-archive/|title = Reader Privacy at the Internet Archive|last = Kahle|first = Brewster|date = October 25, 2013|accessdate = November 19, 2017}}</ref><ref>{{cite web|url = https://bits.blogs.nytimes.com/2013/10/24/internet-archive-will-shield-visitors/|title = Internet Archive Will Shield Visitors|last = Streitfeld|first = David|date = October 24, 2013|accessdate = November 19, 2017|publisher = ''New York Times'' Bits Blog}}</ref><ref>{{cite web|url = https://thenextweb.com/insider/2013/10/25/3-million-users-per-day-internet-archive-switches-https-connections-default/|title = With over 3 million users per day, the Internet Archive switches to HTTPS connections by default|last = Protalinski|first = Emil|date = October 25, 2013|accessdate = November 19, 2017|publisher = ''The Next Web''}}</ref>
|-
| 2014 || {{dts|July 29}} || App || Instagram || Default HTTPS-only || In response to reports about a zero-day security vulnerability, Instagram co-founder {{w|Mike Krieger}} reveals that the app is being moved over to HTTPS, with some parts of the app already 100% HTTPS.<ref>{{cite web|url = https://www.theinquirer.net/inquirer/news/2357779/instagram-to-use-https-following-discovery-of-gaping-security-hole-in-ios-app|title = Instagram to use HTTPS following discovery of gaping security hole in iOS app. Security expert warns users should not use the app until a patch is released|date = July 29, 2014|accessdate = November 19, 2017|publisher = The Inquirer}}</ref>
|-
| 2014 || {{dts|August 6}} || Search ranking || Google Search || HTTPS boost || Google announces search results will give preference to sites using HTTPS. This added ranking signal would be a "lightweight" ranking boost.<ref>{{cite web|url=http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html |title=HTTPS as a ranking signal |publisher=www.google.com |accessdate=Dec 1, 2014}}</ref><ref>{{Cite web|url = https://thenextweb.com/google/2014/08/07/google-is-now-ranking-websites-with-https-higher-in-its-search-results/|title = Google is now ranking websites with HTTPS higher in its search results|last = Russell|first = Jon|date = August 7, 2014|accessdate = November 19, 2017|publisher = ''The Next Web''}}</ref>
|-
| 2014 || {{dts|November 18}} || Certificate authority || Let's Encrypt || Free HTTPS certificates || {{w|Let's Encrypt}}, a certificate authority service that can issue HTTPS certificates for three months for free (with some limitations on the types of certificate and the conditions under which certificates can be issued), is publicly announced. The service would issue its first certificate on September 14, 2015, and leave beta on April 12, 2016.
|-
| 2015 || {{dts|January 18}} || Report/Observatory || HTTPSWatch || State of HTTPS adoption || The oldest Internet Archive snapshot of HTTPSWatch appears to be on this date. The snapshot says that it is inspired by Alex Gaynor's blog posts that were published in November and December 2014, so it is likely to be pretty close to the actual start date.<ref>{{cite web|url = https://web.archive.org/web/20150118231201/https://httpswatch.com/#about|title = HTTPSWatch (About section)|accessdate = January 18, 2015}}</ref><ref>{{cite web|url = https://alexgaynor.net/2014/nov/12/state-of-news-tls/|title = The State of the News and TLS|last = Gaynor|first = Alex|date = November 12, 2015|accessdate = November 20, 2015}}<ref>{{cite web|url = https://alexgaynor.net/2014/dec/30/state-of-news-tls-part-ii/|title = The State of the News and TLS: Part II|last = Gaynor|first = Alex|date = December 30, 2014|accessdate = November 20, 2017}}</ref>
|-
| 2015 || {{dts|February}} || Browser || Chrome || HTTP/2 || Chrome begins rolling out support for {{w|HTTP/2}}. Chrome supports HTTP/2 only over HTTPS, even though the standard allows for HTTP/2 outside of HTTPS (through the selective use of encryption).<ref>{{cite web|url = https://blog.chromium.org/2015/02/hello-http2-goodbye-spdy.html|title = Hello HTTP/2, Goodbye SPDY|date = February 9, 2015|accessdate = November 19, 2017|publisher = Chromium}}</ref>
|-
| 2015 || {{dts|March 12}} || Website/App || Pinterest || Default HTTPS-only || {{w|Pinterest}} announces that it has moved over to HTTPS, describing the challenges it faced along the way. With the increased security in place due to HTTPS, Pinterest also introduces a paid bug bounty program for the white hat hacker community to find security flaws.<ref>{{cite web|url = https://medium.com/@Pinterest_Engineering/making-pinterest-https-637ec925a8ad|title = Making Pinterest HTTPS|last = Moreno|first = Paul|date = March 12, 2015|accessdate = November 20, 2017|publisher = Pinterest Engineering via Medium}}</ref>
|-
| 2015 || {{dts|June 12}} || Website || Wikipedia || Default HTTPS-only || The Wikimedia Foundation publishes a blog post stating that all properties (including Wikipedia) are being switched over to HTTPS; previously, HTTPS was used only for logged-in users. It seems the switch is being made immediately.<ref>{{cite web|url = https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/|title = Securing access to Wikimedia sites with HTTPS|last = Welinder|first = Yana|last2 = Baranetsky|first2 = Victoria|last3 = Black|first3 = Brandon|date = June 12, 2015|accessdate = September 25, 2016|publisher = Wikimedia Foundation}}</ref><ref>{{cite web|url = http://www.welivesecurity.com/2015/06/15/wikipedia-switches-https-default/|title = Wikipedia switches to HTTPS by default|last = Thomas|first = Karl|date = June 15, 2015|accessdate = September 25, 2016|publisher = WeLiveSecurity}}</ref><ref>{{cite web|url = http://arstechnica.com/security/2015/06/wikipedia-goes-all-https-starting-immediately/|title = Wikipedia goes all-HTTPS, starting immediately. "We believe that the time for HTTPS by default is now."|last = Farivar|first = Cyrus|date = June 15, 2015|accessdate = September 25, 2016|publisher = ''ArsTechnica''}}</ref>
| 2015 || {{dts|June}} || Website || Reddit || Default HTTPS-only || {{w|Reddit}} switches to HTTPS-only, with users being automatically redirected from HTTP to HTTPS.<ref>{{cite web|url = https://motherboard.vice.com/en_us/article/kbzj7y/reddit-switches-to-https-encryption-by-default|title = Reddit Switches to Encryption By Default. The internet giant will switch to HTTPS by default by the end of the month.|author = Lorenzo Franceschi-Bicchierai|date = June 17, 2015|accessdate = November 19, 2017|publisher = ''Vice''}}</ref><ref>{{cite web|url = https://www.reddit.com/r/redditdev/comments/39zje0/reddit_will_soon_only_be_available_over_https/|title = reddit will soon only be available over HTTPS (self.redditdev)|date = June 16, 2015|accessdate = November 19, 2017|publisher = Reddit}}</ref>
|-
| 2015 || {{dts|October 14}} || Browser || Chrome || Mixed-content || With version 46, Chrome kills off its HTTP-HTTPS "mixed-content" address bar warning. Now, HTTPS pages that load some auxiliary resources (such as images, calls to ad networks, etc.) over HTTP will say https in the address bar without the secure lock or green coloring. The change is based on the idea that mixed HTTP-HTTPS is in fact more secure than pure HTTP, and therefore should not appear scarier, and is intended to "encourage site operators to switch to HTTPS sooner rather than later."<ref>{{cite web|url = https://arstechnica.com/information-technology/2015/10/chrome-finally-kills-off-the-http-https-mixed-content-warning/|title = Chrome finally kills off the HTTP-HTTPS “mixed content” warning. Slightly alarming and not wholly useful yellow triangle is being retired.|last = Anthony|first = Sebastian|date = October 14, 2015|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = http://www.zdnet.com/article/chrome-loosens-up-on-https-mixed-content-warning/|title = Chrome 46 loosens up on HTTPS 'mixed content' warnings. The browser -- known for being a bit overkill -- finally drops its yellow-warning attached to pages with both secure and non-secure content.|last = Whittaker|first = Zack|date = Ocober 14, 2015|accessdate = November 19, 2017}}</ref>|-| 2016 || {{dts|March 15}} || Report /Observatory || Google Transparency Report || State of HTTPS adoption || Google announces that it is adding a new section to its Transparency Report to track the progress of HTTPS adoption.<ref>{{cite web|url = https://security.googleblog.com/2016/03/securing-web-together_15.html|title = Securing the web, together|date = March 15, 2016|accessdate = November 19, 2017|publisher = Google Security Blog}}</ref><ref>{{cite web|url = https://www.seroundtable.com/google-https-adoption-rates-21785.html|title = Google Report On HTTPS Adoption Within Google & The Top Web Sites|last = Schwartz|first = Barry|date = March 16, 2016|accessdate = November 19, 2017|publisher = Search Engine Roundtable}}</ref><ref>{{cite web|url = https://www.searchenginejournal.com/googles-transparency-report-to-include-https-adoption-rates/159732/|title = Google’s Transparency Report to Include HTTPS Adoption Rates|date = March 25, 2016|accessdate = November 19, 2017|publisher = Search Engine Journal}}</ref>
|-
| 2016 || {{dts|June 15}} || Website || TechCrunch || Default HTTPS-only || Technology new website ''{{w|TechCrunch}}'' announces that it has gone HTTPS-only.<ref>{{Cite web|url = https://techcrunch.com/2016/06/15/techcrunch-has-gone-https/|title = TechCrunch has gone HTTPS|last = Wilke|first Nicole|date = June 15, 2016|accessdate = November 19, 2017}}</ref>
|-
| 2017 || October || Browser || Chrome || Security warning || Starting with version 62, Chrome begins marking all non-HTTPS webpages as "Not Secure" for users in incognito mode.<ref name=zdnet-noose/>
|-
| 2017 || || Report || Research at Google || State of HTTPS adoption || Research at Google publishes a paper titled ''Measuring HTTPS adoption on the web''.<ref>{{cite web|url = https://research.google.com/pubs/pub46197.html|title = Measuring HTTPS adoption on the web|accessdate = November 20, 2017|last = Feit|first = Adrienne Porter|last2 = Barnes|first2 = Richard|last3 = King|first3 = April|last4 = Palmer|first4 = Chris|last5 = Bentzel|first5 = Chris|last6 = Tabriz|first6 = Parisa}}</ref><ref>{{cite web|url = https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46197.pdf|title = Measuring HTTPS adoption on the web|accessdate = November 20, 2017|last = Feit|first = Adrienne Porter|last2 = Barnes|first2 = Richard|last3 = King|first3 = April|last4 = Palmer|first4 = Chris|last5 = Bentzel|first5 = Chris|last6 = Tabriz|first6 = Parisa}}</ref>
|}
2,422
edits

Navigation menu