<!DOCTYPE html>
<html>
<head>
<title>Why HTTPS?</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<link rel="stylesheet" type="text/css" href="files/main_style.css" title="wsite-theme-css" />
<link rel="icon" type="image/png" href="favicon.png" />
<style type='text/css'>
.wsite-elements.wsite-not-footer div.paragraph, .wsite-elements.wsite-not-footer p, .wsite-elements.wsite-not-footer .product-block .product-title, .wsite-elements.wsite-not-footer .product-description, .wsite-elements.wsite-not-footer .wsite-form-field label, .wsite-elements.wsite-not-footer .wsite-form-field label, #wsite-content div.paragraph, #wsite-content p, #wsite-content .product-block .product-title, #wsite-content .product-description, #wsite-content .wsite-form-field label, #wsite-content .wsite-form-field label, .blog-sidebar div.paragraph, .blog-sidebar p, .blog-sidebar .wsite-form-field label, .blog-sidebar .wsite-form-field label {font-family:"Roboto" !important;line-height:27px !important;}
#wsite-content div.paragraph, #wsite-content p, #wsite-content .product-block .product-title, #wsite-content .product-description, #wsite-content .wsite-form-field label, #wsite-content .wsite-form-field label, .blog-sidebar div.paragraph, .blog-sidebar p, .blog-sidebar .wsite-form-field label, .blog-sidebar .wsite-form-field label {color:#fff !important;}
.wsite-elements.wsite-footer div.paragraph, .wsite-elements.wsite-footer p, .wsite-elements.wsite-footer .product-block .product-title, .wsite-elements.wsite-footer .product-description, .wsite-elements.wsite-footer .wsite-form-field label, .wsite-elements.wsite-footer .wsite-form-field label{}
.wsite-elements.wsite-not-footer h2, .wsite-elements.wsite-not-footer .product-long .product-title, .wsite-elements.wsite-not-footer .product-large .product-title, .wsite-elements.wsite-not-footer .product-small .product-title, #wsite-content h2, #wsite-content .product-long .product-title, #wsite-content .product-large .product-title, #wsite-content .product-small .product-title, .blog-sidebar h2 {font-family:"Sansation" !important;font-weight:700 !important;text-transform: none !important;}
#wsite-content h2, #wsite-content .product-long .product-title, #wsite-content .product-large .product-title, #wsite-content .product-small .product-title, .blog-sidebar h2 {color:#44d531 !important;}
.wsite-elements.wsite-footer h2, .wsite-elements.wsite-footer .product-long .product-title, .wsite-elements.wsite-footer .product-large .product-title, .wsite-elements.wsite-footer .product-small .product-title{}
#wsite-title {font-family:"Sansation" !important;font-weight:700 !important;color:#29f935 !important;font-style:normal !important;text-transform: none !important;}
.wsite-not-footer h2.wsite-content-title a, .wsite-not-footer .paragraph a, .wsite-not-footer blockquote a, #blogTable .blog-sidebar a, #blogTable .blog-comments a, #blogTable .blog-comments-bottom a, #wsite-com-store a, #wsite-com-product-gen a {color:#d817d8 !important;}
.wsite-menu-default a {font-family:"Sansation" !important;font-weight:400 !important;text-transform: none !important;}
.wsite-menu a {}
.wsite-image div, .wsite-caption {}
.wsite-headline {font-family:"Sansation" !important;font-size:86px !important;font-weight:700 !important;line-height:20px !important;font-style:normal !important;text-transform: none !important;}
.wsite-headline-paragraph {font-family:"Stoke" !important;text-transform: none !important;}
.wsite-button-inner {}
.wsite-not-footer blockquote {}
.wsite-footer blockquote {}
.blog-header h2 a {}
#wsite-content h2.wsite-product-title {}
.wsite-product .wsite-product-price a {}
.wsite-not-footer h2.wsite-content-title a:hover, .wsite-not-footer .paragraph a:hover, .wsite-not-footer blockquote a:hover, #blogTable .blog-sidebar a:hover, #blogTable .blog-comments a:hover, #blogTable .blog-comments-bottom a:hover, #wsite-com-store a:hover, #wsite-com-product-gen a:hover {color:#46daa0 !important;}
</style>
<!-- Third-party script that runs with full access to this page. It is loaded
     without Subresource Integrity, so the page executes whatever the CDN
     returns. To pin it, add integrity="sha384-<HASH-OF-REVIEWED-FILE>" together
     with crossorigin="anonymous" once the hash has been computed from a vetted
     copy, or self-host the file alongside the site's other assets.
     NOTE(review): jQuery 1.8.3 is a long-unmaintained 1.x release, and later
     releases fixed publicly documented XSS issues. Plan an upgrade and retest
     files/theme/custom.js, which presumably depends on it (confirm). -->
<script src='https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js'></script>
</head>
<body class="no-header-page wsite-theme-dark wsite-page-why-https"><div class="wrapper">
<div class="paris-header">
<div class="container">
<label class="hamburger"><span></span></label>
<div class="logo"><span class="wsite-logo">
<a href="">
<span id="wsite-title">SecureUtah.org</span>
</a>
</span></div>
<div class="nav desktop-nav"><ul class="wsite-menu-default">
<li id="pg355222250483215893"
class="wsite-menu-item-wrap"
>
<a href="index.html"
class="wsite-menu-item"
>
Home
</a>
</li>
<li id="active"
class="wsite-menu-item-wrap"
>
<a href="why-https.html"
class="wsite-menu-item"
>
Why HTTPS?
</a>
</li>
<li id="pg985763262297598903"
class="wsite-menu-item-wrap"
>
<a href="utahwatch.html"
class="wsite-menu-item"
>
UtahWatch
</a>
</li>
<li id="pg975310647192145519"
class="wsite-menu-item-wrap"
>
<a href="resources.html"
class="wsite-menu-item"
>
Resources
</a>
</li>
<li id="pg994273301206676077"
class="wsite-menu-item-wrap"
>
<a href="about.html"
class="wsite-menu-item"
>
About
</a>
</li>
</ul>
</div>
</div><!-- end .container -->
</div><!-- end .header -->
<div class="main-wrap">
<div class="container">
<div class="content-wrap"><div id='wsite-content' class='wsite-elements wsite-not-footer'>
<div><div class="wsite-image wsite-image-border-none " style="padding-top:10px;padding-bottom:10px;margin-left:0px;margin-right:0px;text-align:center">
<a>
<img src="whyhttps.png?960" alt="Picture" style="width:960;max-width:100%" />
</a>
<div style="display:block;font-size:90%"></div>
</div></div>
<div class="wsite-spacer" style="height:25px;"></div>
<div><div class="wsite-multicol"><div class="wsite-multicol-table-wrap" style="margin:0 -15px;">
<table class="wsite-multicol-table">
<tbody class="wsite-multicol-tbody">
<tr class="wsite-multicol-tr">
<td class="wsite-multicol-col" style="width:9.5952262874328%; padding:0 15px;">
<div class="wsite-spacer" style="height:50px;"></div>
</td> <td class="wsite-multicol-col" style="width:80.80873627939%; padding:0 15px;">
<div class="paragraph" style="text-align:center;"><span><font size="5"><font color="#29f935">All</font> web traffic should be delivered securely between a website and its visitors. HTTPS is the network protocol that creates an encrypted communication channel that protects <font color="#29f935">your</font> data as it travels over an insecure Internet.</font></span></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:center;"><font size="6">Integrity & Authenticity</font></h2>
<div class="paragraph" style="text-align:left;"><font size="4"> HTTPS provides the best method for a website owner to deliver their content to their visitors exactly as it was designed and without any extra code inserted or removed by a third party. The security components within HTTPS require that the website authenticate itself to the visitor’s browser at the very beginning of the connection while also allowing the browser to perform validation checks against the server’s authentication claims.</font></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:center;"><font size="6">The Network is Hostile</font></h2>
<div class="paragraph" style="text-align:left;"><span id="selectionBoundary_1455663816630_48382306657731533"> </span><font size="4">The path that web traffic takes across the Internet is often unpredictable and increasingly unsafe. Unencrypted web traffic is regularly intercepted, shamelessly manipulated, and arbitrarily censored, usually without the visitor or website owner knowing that these actions are taking place.<br /><br />​ With HTTPS the website can only be delivered whole or not at all. HTTPS encloses all of a website’s data, defending against in-transit snooping and tampering as it moves through an unfortunately adverse environment.</font></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:center;"><font size="6">All Traffic is Sensitive</font></h2>
<!-- NOTE(review): a caveat readers may want. HTTPS encrypts the path, query
     string, headers and body, but an on-path observer can still learn the
     site's hostname (DNS lookups, TLS SNI), the IP addresses involved, and the
     timing and size of transfers. The copy below says "specific content", which
     is accurate; keep that wording if this paragraph is edited. -->
<div class="paragraph" style="text-align:left;"><font size="4"> Regular unencrypted HTTP connections to websites are a privacy vulnerability and they will always expose sensitive personal information. Third parties monitoring an HTTP connection will see a website visitor's physical location identifiers, login credentials, camera and audio feeds, search terms, medical conditions, political interests, and reading material.<br /><br /> HTTPS helps stop third parties from seeing and tracking the specific content a website visitor looks at. All Internet data should be given the same high level of privacy and protection, whether the website content be social, financial, medical, legal, political, scholarly, or religious.</font></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:center;">You Love Your Users</h2>
<div class="paragraph" style="text-align:left;"><font size="4"> It is the ethical duty of a website owner to provide their visitors with the most secure and safest connection method available. Enabling HTTPS directly benefits a website’s users while also helping the larger Internet — encrypting a website’s traffic removes a number of dangerous avenues of attack that are used by bad actors and malicious entities.<br /><br />​ With an abundance of online resources and guides the technical process of adding HTTPS is a solved problem for the large majority of websites. The dollar cost to obtain the required HTTPS authentication certificates has dropped to zero. With clear security benefits and the prevailing technical and financial hurdles of the past all but gone, choosing to provide HTTPS is now a matter of principle that should be eagerly embraced.​</font></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:center;">Best Practice</h2>
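<!-- "Best Practice" paragraph. The Chromium reference is linked over https
     rather than plain http, so following it from this page cannot be observed
     or rewritten in transit. Links that open a new tab carry
     rel="noopener noreferrer" so the destination cannot reach this page through
     window.opener in browsers that do not already default to that. -->
<div class="paragraph" style="text-align:left;"><font size="4"> Two of the major web browsers are already guiding web development away from insecure HTTP connections and towards an all-HTTPS web. Mozilla <a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/" target="_blank" rel="noopener noreferrer">announced</a> in April 2015 that they will gradually reduce the website features that Firefox is allowed to access over HTTP connections. Google <a href="https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure" target="_blank" rel="noopener noreferrer">will soon update Chrome</a> to visually warn users that HTTP connections are not secure. Both companies are working on developing and promoting a number of other background technical processes that will make HTTPS connections faster and more secure.<br /><br /> Three of the Internet’s technical standards bodies have released statements in support of ubiquitous encryption to combat monitoring and manipulation. The <a href="https://tools.ietf.org/html/rfc7258" target="_blank" rel="noopener noreferrer">IETF</a>, <a href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/" target="_blank" rel="noopener noreferrer">IAB</a> and <a href="https://w3ctag.github.io/web-https/#other-concerns-about-https" target="_blank" rel="noopener noreferrer"> W3C</a> help define the development and construction of Internet communication and web traffic. Their strong support for encrypted traffic serves as a bellwether for how the Internet of the near future will take shape.</font></div>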
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
</td> <td class="wsite-multicol-col" style="width:9.5960374331775%; padding:0 15px;">
<div class="wsite-spacer" style="height:50px;"></div>
</td> </tr>
</tbody>
</table>
</div></div></div>
<div><div class="wsite-multicol"><div class="wsite-multicol-table-wrap" style="margin:0 -15px;">
<table class="wsite-multicol-table">
<tbody class="wsite-multicol-tbody">
<tr class="wsite-multicol-tr">
<td class="wsite-multicol-col" style="width:9.5959595959596%; padding:0 15px;">
<div class="wsite-spacer" style="height:50px;"></div>
</td> <td class="wsite-multicol-col" style="width:90.40404040404%; padding:0 15px;">
<div><div class="wsite-multicol"><div class="wsite-multicol-table-wrap" style="margin:0 -15px;">
<table class="wsite-multicol-table">
<tbody class="wsite-multicol-tbody">
<tr class="wsite-multicol-tr">
<td class="wsite-multicol-col" style="width:90.167597765363%; padding:0 15px;">
<h2 class="wsite-content-title" style="text-align:center;"><font size="7"> </font><font color="#3be0ed"><font size="7">Further Reading</font></font></h2>
<div class="paragraph" style="text-align:left;"><font size="4">The following writings have directly inspired the creation and fueled the development of this website. For a deeper understanding of why HTTPS, secure communications, and user privacy are important for the modern web please continue reading. The authors' names provide links to their entire text.</font></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">Why you should care about HTTPS</font></h2>
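<!-- Quoted excerpt; the quotation itself is left as the author wrote it. The
     attribution link uses https instead of plain http, and because it opens a
     new tab it carries rel="noopener noreferrer" so the destination gets no
     window.opener handle on this page. -->
<div class="paragraph" style="text-align:left;"><font size="4">Traditionally, the arguments in favor of HTTPS have been for integrity, privacy, and identity. If a message is encrypted by a server before it’s sent to your computer, and its done in such a way that only you can decrypt it, you can have a high level of confidence that the message you receive is the message the server sent (integrity), and that you’re the only one who opened it (privacy). Further still, because of the initial handshake that makes all this possible, you know that the server you’re talking to is the one you want to talk to, and not someone else pretending to be the server (identity).<br /><br />Without HTTPS, there’s a couple of points in the route each request must take that could allow a third-party to intercept, or worse, modify your request or its response as it travels over the open internet.<br />​​</font><br /><a target="_blank" rel="noopener noreferrer" href="https://ben.balter.com/2015/01/06/https-all-the-things/"><strong><font size="5">— Ben Balter</font></strong></a></div>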
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">The Network is Hostile</font></h2>
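<!-- Quoted excerpt. The attribution link opens a new tab, so it carries
     rel="noopener noreferrer". The ampersand in "AT&T" is escaped as &amp; so
     the markup is valid.
     NOTE(review): the "provide your own security" link still uses plain http.
     Switch it to https once it is confirmed that the host serves this PDF over
     TLS, so the reference cannot be altered in transit. -->
<div class="paragraph" style="text-align:left;"><font size="4">Anyone who has taken a network security class knows that the first rule of Internet security is that <span>there is no Internet security</span>. Indeed, this assumption is baked into the design of the Internet and most<span> </span>packet-switched networks — systems where unknown third parties are responsible for handling and routing your data. There is no way to ensure that your packets will be routed as you want them, and there’s absolutely no way to ensure that they won’t be looked at.<br /><br />Indeed, the implications of this were obvious as far back as <a href="https://en.wikipedia.org/wiki/ARPANET">ARPANET</a>. If you connect from point A to point B, it was well known that your packets would traverse untrusted machines C, D and E in between. In the 1970s the only thing preserving the privacy of your data was a gentleman’s agreement not to peek. If that wasn’t good enough, the network engineers argued, you had to <a href="http://users.ece.cmu.edu/~adrian/630-f04/readings/bellovin-tcp-ip.pdf">provide your own security</a> between the endpoints themselves.<br /><br />My take from the NSA revelations is that even though this point was ‘obvious’ and well-known, we’ve always felt it more intellectually than in our hearts. Even knowing the worst was possible, we still chose to believe that direct peering connections and leased lines from reputable providers like AT&amp;T would make us safe. If nothing else, the NSA leaks have convincingly refuted this assumption.</font><br /><br /><a target="_blank" rel="noopener noreferrer" href="https://blog.cryptographyengineering.com/2015/08/the-network-is-hostile.html"><strong><font size="5">— Matthew Green</font></strong></a></div>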
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">Why HTTPS for Everything?</font></h2>
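<!-- Quoted excerpt. The attribution link opens a new tab, so it carries
     rel="noopener noreferrer" and the destination gets no window.opener handle
     on this page. -->
<div class="paragraph" style="text-align:left;"><font size="4">HTTP has become central to today’s way of life. HTTP is currently the primary protocol for applications used on computers, tablets, smartphones, and many other devices.<br /><br />As our dependency on the internet has grown, the risk to users’ privacy and safety has grown along with it.<br /><br />Every unencrypted HTTP request reveals information about a user’s behavior, and the interception and tracking of unencrypted browsing has become commonplace.<br /><br />Today, <span style="font-weight:700">there is no such thing as non-sensitive web traffic</span>, and public services should not depend on the benevolence of network operators.<br /><br />When properly configured, HTTPS can provide a fast, secure connection that offers the level of privacy and reliability that users should expect from government web services.</font><br /><br /><a target="_blank" rel="noopener noreferrer" href="https://https.cio.gov/everything/"><strong><font size="5">— White House Office of Management and Budget</font></strong></a></div>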
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">Deprecating Non-Secure HTTP</font></h2>
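<!-- Quoted excerpt. The attribution link opens a new tab, so it carries
     rel="noopener noreferrer" and the destination gets no window.opener handle
     on this page. -->
<div class="paragraph" style="text-align:left;"><font size="4">Q. But there’s nothing secret on my site! Why should I bother with encryption?<br /><br />A. HTTPS isn’t just about encryption. It also provides integrity, so your site can’t be modified, and authentication, so users know they’re connecting to you and not some attacker. Lacking any one of these three properties can cause problems…<br /><br />In other words, as long as your site is not secure, it can be used as a weapon against your users and against other web sites. More non­secure sites means more risk for the overall Web.</font><br /><br /><a href="https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf" target="_blank" rel="noopener noreferrer"><font size="5"><strong>— Richard Barnes</strong></font></a></div>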
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">We're Deprecating HTTP And It's Going to Be Okay</font></h2>
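<!-- Quoted excerpt. The attribution link opens a new tab, so it carries
     rel="noopener noreferrer" and the destination gets no window.opener handle
     on this page. -->
<div class="paragraph" style="text-align:left;"><font size="4">I see companies and government asserting themselves over <span>their</span> network. I see a network that is not just overseen, but actively hostile. I see an internet being steadily drained of its promise to <a href="https://en.wikiquote.org/wiki/John_Gilmore" title="">“interpret censorship as damage”</a>.<br /><br />In short, I see power moving away from the leafs and devolving back into the center, where power has been used to living for thousands of years.<br /><br />What animates me is knowing that <span style="font-weight:700">we can actually change this dynamic</span> by making strong encryption ubiquitous. We can force online surveillance to be as narrowly targeted and inconvenient as law enforcement was always meant to be. We can force ISPs to be the neutral commodity pipes they were always meant to be. On the web, that means HTTPS.</font><br /><br /><a href="https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay" target="_blank" rel="noopener noreferrer" title=""><font size="5"><strong>— Eric Mill</strong></font></a></div>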
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<h2 class="wsite-content-title" style="text-align:left;"><font size="6">How to Get a Company or Organisation to implement an Onion Site</font></h2>
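<!-- Quoted excerpt. The attribution link opens a new tab, so it carries
     rel="noopener noreferrer" and the destination gets no window.opener handle
     on this page. -->
<div class="paragraph" style="text-align:left;"><font size="4">People who want to access your site are at risk. You know how many people. If it’s reasonably cheap to do so — </font><span style="font-size: large;">and it is reasonably cheap</span><font size="4"> — are you willing to make an affordance for these people to be more secure and have a better experience when accessing your site?</font><br /><font size="4">​</font><br /><a target="_blank" rel="noopener noreferrer" href="https://www.facebook.com/notes/alec-muffett/how-to-get-a-company-or-organisation-to-implement-an-onion-site-ie-a-tor-hidden-/10153762090530962"><strong><font size="5">— Alec Muffett</font></strong></a></div>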
</td> <td class="wsite-multicol-col" style="width:9.8324022346369%; padding:0 15px;">
<div class="wsite-spacer" style="height:50px;"></div>
</td> </tr>
</tbody>
</table>
</div></div></div>
</td> </tr>
</tbody>
</table>
</div></div></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div>
<div><div style="height: 20px; overflow: hidden; width: 100%;"></div>
<hr class="styled-hr" style="width:100%;"></hr>
<div style="height: 20px; overflow: hidden; width: 100%;"></div></div></div>
</div>
</div><!-- end container -->
</div>
</div>
<div class="nav mobile-nav">
<label class="hamburger"><span></span></label>
<ul class="wsite-menu-default">
<li id="pg355222250483215893"
class="wsite-menu-item-wrap"
>
<a href="index.html"
class="wsite-menu-item"
>
Home
</a>
</li>
<li id="active"
class="wsite-menu-item-wrap"
>
<a href="why-https.html"
class="wsite-menu-item"
>
Why HTTPS?
</a>
</li>
<li id="pg985763262297598903"
class="wsite-menu-item-wrap"
>
<a href="utahwatch.html"
class="wsite-menu-item"
>
UtahWatch
</a>
</li>
<li id="pg975310647192145519"
class="wsite-menu-item-wrap"
>
<a href="resources.html"
class="wsite-menu-item"
>
Resources
</a>
</li>
<li id="pg994273301206676077"
class="wsite-menu-item-wrap"
>
<a href="about.html"
class="wsite-menu-item"
>
About
</a>
</li>
</ul>
</div>
<script type="text/javascript" src="files/theme/custom.js"></script>
</body>
</html>