The Certificate Authority model does not work for LAN devices

HTTPS is the future and the future is (finally) here. Secure HTTP requests that provide end-to-end encryption between the client making the request and the server providing it with the requested content is finally making some headway, with almost a third of the top one million sites on the internet serving content over SSL, as of August 2017:1

But what this chart doesn’t show is an important subsection of HTTP traffic that is unfortunately infamous for a general lack of security: IoT. The “internet of things,” as it is called, is famous for fiascoes that have allowed hackers to break into the privacy of homes, spying on consumers via internet-enabled nanny cams, gaining access to so-called “smart locks” to break into houses, obtaining sensitive information, and exposing private content and data thanks to insecurely designed consumer products and services that live on the local network.

Continue reading

  1. Source: BuiltWith SSL trends 

Why Google’s announcement of fully encrypted search doesn’t matter for analytics

Google finally announced what we all knew was coming sooner or later: all search is now encrypted — and the kicker for those of us in the online business is that we’ll never again receive information about which keywords searchers used to land on our site (from Google, at any rate).

(Backstory: when you search on Google, the search terms are part of the URL of the results page. When clicking on search results, your browser normally sends the URL of the page you were on along with your request to the server of the page you’re visiting. Except for when browsing over HTTPS: here, the browser does not send this critical – and sometimes sensitive – information to the server of the page you’re about to see. This referrer information was the basis of keyword metrics to determine which keywords bring in the most visitors to individual pages on your site.)

But, honestly, despite the fact that the web is now full of people griping about this change, it actually doesn’t matter. Google’s announcement is nothing more than a formality. Have a look below to see why:

Continue reading