Now running over HTTPS

2014 was a year where we witnessed a huge amount in Internet related security incidents, in the previous years, the world understood that our Internet usage is not only accessible to us and our service providers but to every middleman in the way as well. So it is natural that the recent trend is to secure our communications through the Internet to make the whole web safer, not only emails or chat conversations but our navigation too.

Last year we saw the rise of many projects that pretend to improve the security of the Internet’s users. For example, most of the big companies enforced the use of HTTPS to access their services, CloudFlare’s launch of Universal SSL, the spawn of “Let’s Encrypt” project and major initiatives to promote the usage of private browsing tools like “tor” and encrypted chat apps like ChatSecure, TextSecure, etc.

In the long run this will certainly contribute to better and safer web. That is why I decided to start this year with a major change on my personal websites and pet projects, for now on all of them will only be accessible through HTTPS. I know it is not a perfect system but it is a step forward.

Full SSL
Cloud flare Full SSL Scheme

I am using Cloud Flare Full SSL, until the “Let’s encrypt” project takes off this summer. This approach however is not an end-to-end encryption scheme since all traffic is decrypted and encrypted again in the servers of the CDN. This is a drawback (and a deviation of the original concept of SSL) but it still is better than nothing and should be fixed by the summer.

About the author

Gonçalo Valério

Software developer and owner of this blog. More in the "about" page.

View all posts