AnandTech Goes HTTPS: All Encryption, All the Time
by John Campion & Ryan Smith on September 18, 2017 2:25 PM EST- Posted in
- Site Updates
If you’re reading this, then congratulations! You have successfully accessed AnandTech over HTTPS.
I’m pleased to announce that as of this afternoon, all AnandTech pages and websites are now being served over HTTPS, allowing us to offer end-to-end transport encryption throughout the site. This is part of a larger project for us which started with moving the AnandTech Forums over to the XenForo software package and HTTPS last year; now it’s AnandTech main site to receive a security treatment of its own.
This update is being rolled out both to improve the security of the site, and as part of a broader trend in site hosting & delivery. From a site operations point of view, we’ve needed to improve the security of the user login system for some time so that usernames and passwords are better protected, as the two of those items are obviously important. Meanwhile, although AnandTech itself is not sensitive content, the broader trends in website hosting is for all sites regardless of content to move to HTTPS, as end-to-end encryption still enhances user privacy, and that’s always a good thing.
With today’s update, we’re now serving all pages, images, and other local content exclusively over HTTPS. This also includes redirecting any HTTP requests to HTTPS to ensure a secure connection. Overall, the hosting change should be transparent to everyone – depending on your browser, this even eliminates any security warnings – and site performance is virtually identical to before, both on the server side for us and on the client side for you. In other words, a true upgrade in every sense of the word.
However in the unlikely event that you do encounter any issues, please let me know. Leave a note here in the comments, email me, send a tweet, etc. If something is amiss, we want to fix it as quickly as possible.
Finally, I want to quickly thank our long-time developer John Campion, DB guru Ross Whitehead, hosting master Alec Ginsberg, and the rest of the AnandTech/Purch development team for working on this project. While today’s update is transparent at the user level, a lot of work was necessary on the backend to make this as seamless as possible and to make it work with third-party content (ads, JS libraries, etc). So none of this would be possible without their outstanding efforts.
86 Comments
View All Comments
Ryan Smith - Monday, September 18, 2017 - link
Yes. It's something I've wanted to do for a while now - and something we needed to do because of the user comment system. We actually planned to do this earlier in the year, but prototyping and some other factors changed our approach (and our timeline).Threska - Monday, September 18, 2017 - link
Not sure what the comment system has to do with HTTPS; maybe keeping ISPs from spying on our comments.Ryan Smith - Monday, September 18, 2017 - link
Because the comment system requires login credentials, which need to be passed over an encrypted connection.schizoide - Monday, September 18, 2017 - link
Well, I worked on sites with non-encrypted frontends and embedded secure comments, it isn't a problem. There's that wordpress comment plugin everybody hates, and Discourse will do it also.Not to detract from the importance of encrypting _everything_ for privacy's sake of course. And Google pagerank!
Gothmoth - Monday, September 18, 2017 - link
hope some day you will make a decent comment system too.. because this one is a shame..peevee - Tuesday, September 19, 2017 - link
Or just switch to Disqus instead of reinventing the wheel. Not that a decent comment system is terribly hard to make (or hard at all), but this one and many others, even at large organizations, are so ridiculously poor... I don't know where they hire product managers for such features... day laborers' cites?jimbo2779 - Tuesday, September 19, 2017 - link
I understand the thinking that it would be good to have more controls over the comment section I actually don't care if these features aren't there. When you add media support you end up with a bunch of meme posting as opposed to the, generally, meaningful conversations that go on in this comment section.Shlong - Wednesday, September 20, 2017 - link
I had a friend who ran a fairly large site around 3-4 years ago. When he ran disqus, for decent controls they wanted him to pay $3,000 a month for enterprise software, the free version you get basic admin controls but he need the ones in the payment plan. He got rid of it with a quickness.darwinosx - Monday, September 18, 2017 - link
It's kind of funny anandtech thinks this is a thing when many sites did it a long time ago.schizoide - Monday, September 18, 2017 - link
Probably took them a ton of work, and they aren't making a huge deal out of it, just telling their community.