Changes


Timeline of HTTPS adoption

5,128 bytes added, 11:01, 13 April 2019
no edit summary
|-
| 2014 || {{dts|January}} || Website || YouTube || Some move to HTTPS || YouTube begins sending traffic over HTTPS, significantly increasing the volume of traffic sent on the web via HTTPS. By September 2014, 50% of YouTube traffic would be sent via HTTPS.<ref name=naylor>{{cite web|url = https://davidtnaylor.com/CostOfTheS.pdf|title = The Cost of the “S” in HTTPS|last = Naylor|first = David|last2 = Finamore|first2 = Alessandro|last2 = Leontiadis|first3 = Ilias|last4 = Grunenberger|first4 = Yan|last5 = Mellia|first5 = Marco|last6 = Munafo|first6 = Maurizio|last7 = Papagiannaki|first7 = Konstantina|last8 = Steenkiste|first8 = Peter}}</ref>
|-
| 2014 || {{dts|February 3}} || Website || Tumblr || Opt-in HTTPS-only || Tumblr gives blog owners the option of switching their blogs to HTTPS-only. NOTE: Unlike some other opt-in HTTPS-only implementations, the option is controlled by website owners rather than website visitors.<ref>{{cite web|url = https://staff.tumblr.com/post/75482980993/you-can-now-take-extra-precaution-against-hackers|title = You can now take extra precaution against hackers and snoops by enabling SSL security on your Tumblr Dashboard.|publisher = Tumblr|date = February 3, 2014|accessdate = April 13, 2019}}</ref> Internet security commentators feel that Tumblr didn't go far enough, and should have switched to default HTTPS-only.<ref>{{cite web|url = https://www.cnet.com/news/tumblr-activates-ssl-but-with-a-catch/|title = Tumblr activates SSL, but with a catch. Tumblr blog owners can encrypt all visits to their sites, as long as they opt in. Why didn't Yahoo just make SSL the default setting?|date = February 3, 2014|accessdate = April 13, 2019}}</ref>
|-
| 2014 || {{dts|March 5}} || CDN || Amazon CloudFront || SNI custom SSL, HTTPS redirection || Amazon CloudFront announces support for customers to use their own SSL certificates through the implementation of {{w|Server Name Indication}}, as well as HTTP to HTTPS redirection (via 301 redirect).
|-
| 2015 || {{dts|April 13}} || Browser || Firefox || Security warning || Mozilla announces plans to deprecate plain HTTP in their browser, Firefox.<ref>{{cite web|url = https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs%5B1-25%5D|title = Intent to deprecate: Insecure HTTP|last = Barnes|first = Richard|date = April 13, 2015|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = http://www.thesempost.com/mozilla-deprecate-http-firefox/|title = Mozilla Announces Plans to Deprecate HTTP in Firefox|date = April 16, 2015|accessdate = November 20, 2017|publisher = The SEM Post}}</ref>
|-
| 2015 || {{dts|May 19}} || Website || Wikipedia || Site-wide censorship due to HTTPS transition || Likely starting around this day (judging from traffic volume), the Chinese government blocks Chinese Wikipedia.<ref>{{cite web|url = https://wikimedia.org/api/rest_v1/metrics/legacy/pagecounts/aggregate/zh.wikipedia/desktop-site/daily/2015050100/2015053123|title = Aggregate page counts for traffic to Chinese Wikipedia for May 2015|accessdate = April 13, 2019}}</ref> The rationale is that, with Wikipedia's coming transition to HTTPS-only, the Chinese government will not be able to identify what page on the site a user is visiting, so blocking the whole site is the only way to implement the goal of blocking specific pages with politically sensitive content. See [[w:Censorship of Wikipedia#China]] for more details.
|-
| 2015 || {{dts|June 8}} || Website || United States government || Default HTTPS-only || The White House {{w|Office of Management and Budget}} issues the HTTPS-Only Standard directive requiring that all United States federal government websites provide service only via HTTPS, with a deadline of end of 2016.<ref>{{Cite web|url = https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf|title = Policy to Require Secure Connections across Federal Websites and Web Services|date = June 8, 2015|last = Scott|first = Tony|accessdate = November 20, 2017}}</ref><ref>{{cite web|url = https://obamawhitehouse.archives.gov/blog/2015/06/08/https-everywhere-government|title = HTTPS-Everywhere for Government|last = Scott|first = Tony|date = June 8, 2015|accessdate = November 20, 2017|publisher = Obama White House Archives}}</ref><ref>{{cite web|url = https://www.computerworld.com/article/2933172/government-it/us-to-require-https-for-all-government-websites.html|title = US to require HTTPS for all government websites. All public sites will be required to use the protocol by the end of 2016|last = Williams|first = Martyn|date = June 8, 2015|accessdate = November 20, 2017}}</ref>
|-
| 2016 || {{dts|March 23}} || || || || Google provides a list of certificate authorities it does not trust.<ref>{{cite web|url = https://www.theregister.co.uk/2016/03/23/google_now_publishing_a_list_of_cas_it_doesnt_trust/|title = Google publishes list of Certificate Authorities it doesn't trust. Thawte experiment aims to expose issuers of dodgy creds|last = Chirgwin|first = Richard|date = March 23, 2016|accessdate = November 20, 2017|publisher = ''The Register''}}</ref>
|-
| 2016 || {{dts|February}} || Browser || Baidu Browser || Vulnerability exploit || The Citizen Lab publishes a report noting vulnerabilities in the Baidu Browser, a popular browser in China, some of which are related to the browser not using HTTPS fully.<ref>{{cite web|url = https://phys.org/news/2016-02-privacy-problems-popular-baidu-browser.html|title = Researchers find privacy problems in popular Baidu browser|last = Gillis|first = Alex|date = February 26, 2016|accessdate = April 13, 2019}}</ref>
|-
| 2016 || {{dts|March 28}} || Browser || QQ Browser || Vulnerability exploit || The Citizen Lab publishes a report noting vulnerabilities in the QQ Browser, a popular browser in China, some of which are related to the browser not using HTTPS fully.<ref>{{cite web|url = https://citizenlab.ca/2016/03/privacy-security-issues-qq-browser/|title = Privacy and Security Issues in QQ Browser|last = Knockel|first = Jeffrey|last2 = Senft|first2 = Adam|last3 = Deibert|first3 = Ron|date = March 28, 2016|accessdate = April 13, 2019|publisher = The Citizen Lab}}</ref>
|-
| 2016 || {{dts|April 28}} || Website || WIRED || Default HTTPS-only || ''WIRED'' announces that its website has gone HTTPS-only. The article announcing the transition explains the challenges involved in making sure every digital asset loaded on every page is HTTPS.<ref>{{cite web|url = https://www.wired.com/2016/04/wired-launching-https-security-upgrade/|title = WE'RE GOING HTTPS: HERE'S HOW WIRED IS TACKLING A HUGE SECURITY UPGRADE|last = Tollman|first = Zack|date = April 28, 2016|accessdate = February 11, 2018|publisher = ''WIRED''}}</ref>
|-
| 2017 || May through {{dts|August 16}} || Website || Springer-Verlag || Default HTTPS-only || Publisher Springer transitions its websites to HTTPS, with HTTP redirecting to HTTPS.<ref>{{cite web|url = https://knowledge.exlibrisgroup.com/360_Services/360_Link/Knowledge_Articles/360_Link%3A_Springer_Transition_to_https_--_effective_August_16%2C_2017|title = 360 Link: Springer Transition to https -- effective August 16, 2017|date = August 7, 2017|accessdate = February 11, 2017|publisher = ExLibris Knowledge Center}}</ref><ref>{{cite web|url = https://springeronlineservice.freshdesk.com/support/solutions/articles/6000165911-switching-to-https|title = Switching to HTTPS|publisher = Springer Online Service on Freshdesk|date = September 6, 2017|accessdate = February 11, 2018}}</ref>
|-
| 2017 || {{dts|September 11}} || || || || The Google Security Blog announces Google Chrome's finalized plans to distrust certificates issued by Symantec.<ref>{{cite web|url = https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html|title = Chrome’s Plan to Distrust Symantec Certificates|date = September 11, 2017|accessdate = April 13, 2019|publisher = Google Security Blog|last = O'Brien|first = Devon|last2 = Sleevi|first2 = Ryan|last3 = Whalley|first3 = Andrew}}</ref> The SSL Store blogs about it with some commentary explaining the controversy.<ref>{{cite web|url = https://www.thesslstore.com/blog/google-chrome-distrust-symantec-ssl-certificates/|title = Official: Google Chrome’s Plan to Distrust Symantec SSL Certificates The announcement being circulated simply finalizes an agreement from July|publisher = The SSL Store|date = September 13, 2017|accessdate = April 13, 2019}}</ref>
|-
| 2017 || {{dts|September 13}} || Website || Imgur || Default HTTPS-only || Image-hosting service {{w|Imgur}} defaults to HTTPS-only for all users (both logged-in and others).<ref>{{cite web|url = https://community.imgur.com/t/defaulting-to-https-01-xx-2015-request-fulfilled-as-of-09-13-2017/5146/59|title = Defaulting to https (01-XX-2015) - Request fulfilled as of 09-13-2017!|date = January 29, 2015|accessdate = November 20, 2017}}</ref>
|-
| 2018 || {{dts|April 14}} || Website || IMDb || Default HTTPS-only || Judging from homepage captures on the Internet Archive's Wayback Machine, this is the date that the IMDb transitions from HTTP to default HTTPS-only. See captures for April 13<ref>{{cite web|url = http://web.archive.org/web/20180413090715/http://www.imdb.com/|title = IMDb, as captured on April 13, 2018|date = April 13, 2018|accessdate = April 13, 2019}}</ref> and April 14.<ref>{{cite web|url = http://web.archive.org/web/20180414091804/https://www.imdb.com/|title = IMDb, as captured on April 14, 2018|date = April 14, 2018|accessdate = April 13, 2019}}</ref> There does not appear to be any official announcement of the transition, but a Quora question with answers as late as February 2018 confirms that people noticed that the site was still using plain HTTP till February 2018.<ref>{{cite web|url = https://www.quora.com/Why-does-IMDB-use-http-and-not-HTTPS|title = Why does IMDB use http and not HTTPS?|accessdate = April 13, 2019|publisher = Quora}}</ref>
|-
| 2018 || {{dts|June}} (completion), July 9 (announcement) || Website || BBC || Default HTTPS-only || In a blog post on July 9, 2018, software engineer James Donohue announces that the BBC has completed transitioning its website to HTTPS-only a few weeks ago. The blog post explains some of the technical challenges of migrating the site (which has news content from as far back as 1997, when the site first went online), and the steps involved in completing the migration.<ref>{{cite web|url = https://www.bbc.co.uk/blogs/internet/entries/b0807897-7c07-44eb-8d5f-3b2d081a3951|title = BBC News on HTTPS|date = July 9, 2018|accessdate = April 13, 2019|publisher = BBC|last = Donohue|first = James}}</ref>
|-
| 2018 || {{dts|July}} (planned date), February 8 (announcement) || Browser || Chrome || Security warning || On February 8, Google Chrome announces that starting with Chrome 68, which will be released in July, all plain HTTP sites will be marked as not secure.<ref>{{cite web|url = https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html|title = A secure web is here to stay|date = February 8, 2018|accessdate = February 11, 2018|publisher = Google Security Blog|last = Schechter|first = Emily}}</ref><ref>{{cite web|url = https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/|title = Chrome will soon mark all unencrypted pages as ‘not secure’|last = Lardinois|first = Frederic|date = February 8, 2018|accessdate = February 11, 2018|publisher = ''TechCrunch''}}</ref><ref>{{cite web|url = https://arstechnica.com/gadgets/2018/02/from-july-on-chrome-will-brand-plain-old-http-as-not-secure/|title = From July on, Chrome will brand plain old HTTP as “Not secure”. The "Not secure" label will go where the padlock would go for an encrypted connection.|last = Bright|first = Peter|date = February 9, 2018|accessdate = February 11, 2018|publisher = ''ArsTechnica''}}</ref> The release happens as scheduled. ''Forbes'' publishes an article naming a few sites that still do not default to HTTPS as of the time of this change to Chrome. The sites include Fox News, the Los Angeles Times, Chicago Tribune, Time, ESPN, NFL Network, NBA, and more. Some of these sites, such as Time and ESPN, still do not default to HTTPS as of April 2019.<ref>{{cite web|url = https://www.forbes.com/sites/kevinmurnane/2018/07/25/here-are-12-well-known-websites-that-chrome-68-labels-not-secure/|title = Fox News, ESPN And 9 Other Well-Known Websites That Chrome 68 Labels 'Not Secure'|last = Murnane|first = Kevin|date = July 25, 2018|accessdate = April 13, 2019|publisher = Forbes}}</ref>
|-
| 2018 || {{dts|August 7}} || Website || BBC || Censorship || The BBC website is blocked in China shortly after it migrated to HTTPS-only. For HTTPS websites, it is not possible for intermediaries in the network to identify individual pages being browsed, so the Chinese government needs to block the whole site in order to block access to politically sensitive content.<ref>{{cite web|url = https://www.bbc.com/news/technology-45098190|title = BBC websites blocked in China after security change|date = August 7, 2018|accessdate = April 13, 2019}}</ref>
|-
| 2019 || {{dts|January}} to February; with some early test efforts in October 2018, and some wrap-up work as late as April 11 || Website || Wikia / Fandom || Default HTTPS-only || Fandom Inc., the company previously known as Wikia, moves the bulk of their community wikis from HTTP to HTTPS, while also changing the domain from wikia.com to fandom.com (to be more consistent with the company's new name and branding). Some domains that do not fit with the Fandom brand are moved to wikia.org instead; these are also migrated to HTTPS.<ref>{{cite web|url = https://community.fandom.com/wiki/Help:Fandom_domain_migration|title = Help:Fandom domain migration|accessdate = April 13, 2019|publisher = Fandom Community Central}}</ref>
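
Review bot: In the January 2014 YouTube row, the Naylor citation sets `last2` twice (`last2 = Finamore` and then `last2 = Leontiadis`) and has `first3 = Ilias` with no `last3`, so the third author will not render correctly; the second occurrence should be `last3 = Leontiadis`. In the Springer-Verlag row, the ExLibris reference has `accessdate = February 11, 2017`, which is earlier than its own `date = August 7, 2017`; please check the year. The 2016 row dated March 23 is placed before the 2016 rows for February and March 28, so it should move down to keep the table chronological. That row and the September 11, 2017 row also leave the three cells between the date and the description empty, and the Amazon CloudFront row carries no reference, so both are worth filling in before this is saved.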