Changes

Jump to: navigation, search

Timeline of HTTPS adoption

3,378 bytes added, 10:17, 13 April 2019
no edit summary
|-
| 2017 || {{dts|January 10}} || Website || New York Times || Default HTTPS-only || The ''New York Times'' announces that it has made a number of its articles default to HTTPS, including the home page, section and topic pages, and all articles published 2014 or later, and that it plans to make the rest of its site HTTPS as well.<ref>{{cite web|url = https://open.blogs.nytimes.com/2017/01/10/https-on-nytimes-com/|title = HTTPS on NYTimes.com|last = Konigsburg|first = Eitan|last2 = Wan|first2 = Vinessa|publisher = ''New York Times'' Open blog|date = January 1, 2010|accessdate = November 19, 2017}}</ref>
|-
| 2017 || {{dts|january 21}} || Guideline || American Library Association || HTTPS use guideline || The American Library Association publishes a library privacy checklist approved by its intellectual freedom committee. The checklist mentions HTTPS twice. In priority 1 actions, it includes an action "Ensure all existing security certificates for HTTPS/SSL are valid and create a procedure for revalidating them annually." In priority 2 actions, it includes an action "Utilize HTTPS wherever possible." (Ironically, even as of April 2019, the American Library Association website does not properly support HTTPS, with the HTTPS site redirecting to the HTTP site).<ref>{{cite web|url = http://www.ala.org/advocacy/privacy/checklists/overview|title = Library Privacy Checklist - Overview|date = January 21, 2017|accessdate = April 13, 2019|publisher = American Library Association}}</ref>
|-
| 2017 || {{dts|January}} || Browser || Chrome || Security warning || With version 56, {{w|Google Chrome}} begins marking as "Not Secure" (in the address bar) any webpages collecting sensitive data such as passwords or credit-card information without using HTTPS.<ref name=not-secure-october-plans>{{cite web|url = https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/|title = Google Is Requiring HTTPS for Secure Data in Chrome|last = Murray|first = Brock|date = January 21, 2017|accessdate = November 19, 2017}}</ref><ref name=zdnet-noose>{{cite web|url = http://www.zdnet.com/article/google-tightens-noose-on-http-chrome-to-stick-not-secure-on-pages-with-search-fields/|title = Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields. In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.|last = Tung|first = Liam|date = April 28, 2017|accessdate = November 15, 2017|publisher = ZDNet}}</ref>
| 2018 || {{dts|February 27}} || Certificate authority || Let's Encrypt || Wildcard support || Let's Encrypt plans to make wildcard support fully available on this date, after launching a public test API endpoint for the ACME v2 protocol and wildcard support on January 4, 2018.<ref>{{cite web|url = https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html|title = Wildcard Certificates Coming January 2018|last = Aas|first = Josh|date = July 6, 2017|accessdate = January 28, 2018|publisher = Let's Encrypt}}</ref>
|-
| 2018 || {{dts|April 14}} || Website || IMDb || Default HTTPS-only || Judging from homepage captures on the Internet Archive's Wayback Machine, this is the date that the IMDb transitions from HTTP to default HTTPS-only. See captures for April 13<ref>{{cite web|url = http://web.archive.org/web/20180413090715/http://www.imdb.com/|title = IMDb, as captured on April 13, 2018|date = April 13, 2018|accessdate = April 13, 2019}}</ref> and April 14.<ref>{{cite web|url = http://web.archive.org/web/20180414091804/https://www.imdb.com/|title = IMDb, as captured on April 14, 2018|date = April 14, 2018|accessdate = April 13, 2019}}</ref><ref> There does not appear to be any official announcement of the transition, but a Quora question with answers as late as February 2018 confirms that people noticed that the site was still using plain HTTP till February 2018.<ref>{{cite web|url = https://www.quora.com/Why-does-IMDB-use-http-and-not-HTTPS|title = Why does IMDB use http and not HTTPS?|accessdate = April 13, 2019|publisher = Quora}}</ref>|-| 2018 || {{dts|July}} (planned date), February 8 (announcement) || Browser || Chrome || Security warning || On February 8, Google Chrome announces that starting with Chrome 68, which will be released in July, all plain HTTP sites will be marked as not secure.<ref>{{cite web|url = https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html|title = A secure web is here to stay|date = February 8, 2018|accessdate = February 11, 2018|publisher = Google Security Blog|last = Schechter|first = Emily}}</ref><ref>{{cite web|url = https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/|title = Chrome will soon mark all unencrypted pages as ‘not secure’|last = Lardinois|first = Frederic|date = February 8, 2018|accessdate = February 11, 2018|publisher = ''TechCrunch''}}</ref><ref>{{cite web|url = https://arstechnica.com/gadgets/2018/02/from-july-on-chrome-will-brand-plain-old-http-as-not-secure/|title = From July on, Chrome will brand plain old HTTP as “Not secure”. The "Not secure" label will go where the padlock would go for an encrypted connection.|last = Bright|first = Peter|date = February 9, 2018|accessdate = February 11, 2018|publisher = ''ArsTechnica''}}</ref> The release happens as scheduled. ''Forbes'' publishes an article naming a few sites that still do not default to HTTPS as of the time of this change to Chrome. The sites include Fox News, the Los Angeles Times, Chicago Tribune, Time, ESPN, NFL Network, NBA, and more. Some of these sites, such as Time and ESPN, still do not default to HTTPS as of April 2019.<ref>{{cite web|url = https://www.forbes.com/sites/kevinmurnane/2018/07/25/here-are-12-well-known-websites-that-chrome-68-labels-not-secure/|title = Fox News, ESPN And 9 Other Well-Known Websites That Chrome 68 Labels 'Not Secure'|last = Murnane|first = Kevin|date = July 25, 2018|accessdate = April 13, 2019|publisher = Forbes}}</ref>|-| 2019 || {{dts|January}} to February; with some early test efforts in October 2018, and some wrap-up work as late as April 11 || Website || Wikia / Fandom || Default HTTPS-only || Fandom Inc., the company previously known as Wikia, moves the bulk of their community wikis from HTTP to HTTPS, while also changing the domain from wikia.com to fandom.com (to be more consistent with the company's new name and branding). Some domains that do not fit with the Fandom brand are moved to wikia.org instead; these are also migrated to HTTPS.<ref>{{cite web|url = https://community.fandom.com/wiki/Help:Fandom_domain_migration|title = Help:Fandom domain migration|accessdate = April 13, 2019|publisher = Fandom Community Central}}</ref>
|}
2,422
edits

Navigation menu