Changes

Jump to: navigation, search

Timeline of HTTPS adoption

2,834 bytes added, 01:41, 20 November 2017
no edit summary
|-
| 2014 || {{dts|November 18}} || Certificate authority || Let's Encrypt || Free HTTPS certificates || {{w|Let's Encrypt}}, a certificate authority service that can issue HTTPS certificates for three months for free (with some limitations on the types of certificate and the conditions under which certificates can be issued), is publicly announced. The service would issue its first certificate on September 14, 2015, and leave beta on April 12, 2016.
|-
| 2014 || {{dts|December 18}} || Browser || Chrome || Security warning || Google Chrome announces its intention of adding warnings for users visiting non-HTTPS websites.<ref>{{cite web|url = http://www.thesempost.com/google-chrome-wants-warn-users-visiting-non-https-sites/|title = Google Chrome Wants to Warn Users Before Visiting All Non-HTTPS Sites|last = Slegg|first = Jennifer|date = December 18, 2014|accessdate = November 20, 2017|publisher = The SEM Post}}</ref> More details are announced in late January 2015.<ref>{{cite web|url = http://www.thesempost.com/first-look-google-chrome-plans-alert-users-non-https-websites/|title = First Look at How Google Chrome Plans to Alert Users to Non-HTTPS Websites|last = Slegg|first = Jennifer|date = January 28, 2015|accessdate = November 20, 2017}}</ref>
|-
| 2015 || {{dts|January 18}} || Report/Observatory || HTTPSWatch || State of HTTPS adoption || The oldest Internet Archive snapshot of HTTPSWatch appears to be on this date. The snapshot says that it is inspired by Alex Gaynor's blog posts that were published in November and December 2014, so it is likely to be pretty close to the actual start date.<ref>{{cite web|url = https://web.archive.org/web/20150118231201/https://httpswatch.com/#about|title = HTTPSWatch (About section)|accessdate = January 18, 2015}}</ref><ref>{{cite web|url = https://alexgaynor.net/2014/nov/12/state-of-news-tls/|title = The State of the News and TLS|last = Gaynor|first = Alex|date = November 12, 2015|accessdate = November 20, 2015}}</ref><ref>{{cite web|url = https://alexgaynor.net/2014/dec/30/state-of-news-tls-part-ii/|title = The State of the News and TLS: Part II|last = Gaynor|first = Alex|date = December 30, 2014|accessdate = November 20, 2017}}</ref>
|-
| 2015 || {{dts|March 12}} || Website/App || Pinterest || Default HTTPS-only || {{w|Pinterest}} announces that it has moved over to HTTPS, describing the challenges it faced along the way. With the increased security in place due to HTTPS, Pinterest also introduces a paid bug bounty program for the white hat hacker community to find security flaws.<ref>{{cite web|url = https://medium.com/@Pinterest_Engineering/making-pinterest-https-637ec925a8ad|title = Making Pinterest HTTPS|last = Moreno|first = Paul|date = March 12, 2015|accessdate = November 20, 2017|publisher = Pinterest Engineering via Medium}}</ref>
|-
| 2015 || {{dts|March 25}} || Ecosystem || Advertising || Exhortation || Writing for the {{w|Interactive Advertising Bureau}} (IAB), Brendan Riordan-Butterworth calls for the advertising ecosystem to move to HTTPS.<ref>{{cite web|url = https://www.iab.com/adopting-encryption-the-need-for-https/|title = Adopting Encryption: The Need for HTTPS|last = Riordan-Butterworth|first = Brendan|date = March 25, 2015|accessdate = November 20, 2017|publisher = Interactive Advertising Bureau}}</ref>
|-
| 2015 || {{dts|April 13}} || Browser || Firefox || Security warning || Mozilla announces plans to deprecate plain HTTP in their browser, Firefox.<ref>{{cite web|url = https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs%5B1-25%5D|title = Intent to deprecate: Insecure HTTP|last = Barnes|first = Richard|date = April 13, 2015|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = http://www.thesempost.com/mozilla-deprecate-http-firefox/|title = Mozilla Announces Plans to Deprecate HTTP in Firefox|date = April 16, 2015|accessdate = November 20, 2017|publisher = The SEM Post}}</ref>
|-
| 2015 || {{dts|June 8}} || Website || United States government || Default HTTPS-only || The White House {{w|Office of Management and Budget}} issues the HTTPS-Only Standard directive requiring that all United States federal government websites provide service only via HTTPS, with a deadline of end of 2016.<ref>{{Cite web|url = https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf|title = Policy to Require Secure Connections across Federal Websites and Web Services|date = June 8, 2015|last = Scott|first = Tony|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = https://obamawhitehouse.archives.gov/blog/2015/06/08/https-everywhere-government|title = HTTPS-Everywhere for Government|last = Scott|first = Tony|date = June 8, 2015|accessdate = November 20, 2017|publisher = Obama White House Archives}}</ref><ref>{{cite web|url = https://www.computerworld.com/article/2933172/government-it/us-to-require-https-for-all-government-websites.html|title = US to require HTTPS for all government websites. All public sites will be required to use the protocol by the end of 2016|last = Williams|first = Martyn|date = June 8, 2015|accessdate = November 20, 2017}}</ref>
|-
| 2015 || {{dts|June}} || Website || Reddit || Default HTTPS-only || {{w|Reddit}} switches to HTTPS-only, with users being automatically redirected from HTTP to HTTPS.<ref>{{cite web|url = https://motherboard.vice.com/en_us/article/kbzj7y/reddit-switches-to-https-encryption-by-default|title = Reddit Switches to Encryption By Default. The internet giant will switch to HTTPS by default by the end of the month.|author = Lorenzo Franceschi-Bicchierai|date = June 17, 2015|accessdate = November 19, 2017|publisher = ''Vice''}}</ref><ref>{{cite web|url = https://www.reddit.com/r/redditdev/comments/39zje0/reddit_will_soon_only_be_available_over_https/|title = reddit will soon only be available over HTTPS (self.redditdev)|date = June 16, 2015|accessdate = November 19, 2017|publisher = Reddit}}</ref>
|-
| 2015 || {{dts|June 30}} (deadline), April 17 (announcement) || Ad network || Google AdWords || HTTPS availability || As part of Google's HTTPS Everywhere initiative, {{w|Google AdWords}} announces, on April 17, some of it progress already made on moving ads to HTTPS (specifically, moving YouTube ads to HTTPS). Also, it is stated that the vast majority of mobile, video, and desktop display ads served to the Google Display Network, AdMob and DoubleClick publishers will be encrypted by June 30, and advertisers using any of the buying platforms, including AdWords and DoubleClick, will be able to serve HTTPS-encrypted display ads to all HTTPS-enabled inventory.<ref>{{cite web|url = https://adwords.googleblog.com/2015/04/ads-take-step-towards-https-everywhere.html|title = Ads Take a Step Towards “HTTPS Everywhere”|date = April 17, 2015|accessdate = November 20, 2017|publisher = Google AdWords}}</ref>
|-
| 2015 || {{dts|October 14}} || Browser || Chrome || Mixed-content || With version 46, Chrome kills off its HTTP-HTTPS "mixed-content" address bar warning. Now, HTTPS pages that load some auxiliary resources (such as images, calls to ad networks, etc.) over HTTP will say https in the address bar without the secure lock or green coloring. The change is based on the idea that mixed HTTP-HTTPS is in fact more secure than pure HTTP, and therefore should not appear scarier, and is intended to "encourage site operators to switch to HTTPS sooner rather than later."<ref>{{cite web|url = https://arstechnica.com/information-technology/2015/10/chrome-finally-kills-off-the-http-https-mixed-content-warning/|title = Chrome finally kills off the HTTP-HTTPS “mixed content” warning. Slightly alarming and not wholly useful yellow triangle is being retired.|last = Anthony|first = Sebastian|date = October 14, 2015|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = http://www.zdnet.com/article/chrome-loosens-up-on-https-mixed-content-warning/|title = Chrome 46 loosens up on HTTPS 'mixed content' warnings. The browser -- known for being a bit overkill -- finally drops its yellow-warning attached to pages with both secure and non-secure content.|last = Whittaker|first = Zack|date = October 14, 2015|accessdate = November 19, 2017}}</ref>
2,422
edits

Navigation menu