AnandTech Goes HTTPS: All Encryption, All the Time
by John Campion & Ryan Smith on September 18, 2017 2:25 PM EST- Posted in
- Site Updates
If you’re reading this, then congratulations! You have successfully accessed AnandTech over HTTPS.
I’m pleased to announce that as of this afternoon, all AnandTech pages and websites are now being served over HTTPS, allowing us to offer end-to-end transport encryption throughout the site. This is part of a larger project for us which started with moving the AnandTech Forums over to the XenForo software package and HTTPS last year; now it’s AnandTech main site to receive a security treatment of its own.
This update is being rolled out both to improve the security of the site, and as part of a broader trend in site hosting & delivery. From a site operations point of view, we’ve needed to improve the security of the user login system for some time so that usernames and passwords are better protected, as the two of those items are obviously important. Meanwhile, although AnandTech itself is not sensitive content, the broader trends in website hosting is for all sites regardless of content to move to HTTPS, as end-to-end encryption still enhances user privacy, and that’s always a good thing.
With today’s update, we’re now serving all pages, images, and other local content exclusively over HTTPS. This also includes redirecting any HTTP requests to HTTPS to ensure a secure connection. Overall, the hosting change should be transparent to everyone – depending on your browser, this even eliminates any security warnings – and site performance is virtually identical to before, both on the server side for us and on the client side for you. In other words, a true upgrade in every sense of the word.
However in the unlikely event that you do encounter any issues, please let me know. Leave a note here in the comments, email me, send a tweet, etc. If something is amiss, we want to fix it as quickly as possible.
Finally, I want to quickly thank our long-time developer John Campion, DB guru Ross Whitehead, hosting master Alec Ginsberg, and the rest of the AnandTech/Purch development team for working on this project. While today’s update is transparent at the user level, a lot of work was necessary on the backend to make this as seamless as possible and to make it work with third-party content (ads, JS libraries, etc). So none of this would be possible without their outstanding efforts.
86 Comments
View All Comments
jjj - Monday, September 18, 2017 - link
VigLink has an expired certificate, not sure it's not a time zone thing though.meacupla - Monday, September 18, 2017 - link
It's a nice upgrade, but the commenting on Anandtech is still very far behind other sites.Can I edit my comments? nope
Can I quote/refer to specific comments? not really
Do lengthy threads become split over multiple pages and also become difficult to decipher where it starts and ends? yep
Ryan Smith - Monday, September 18, 2017 - link
"Can I edit my comments? nope"The inability to edit comments is intentional.
Threska - Monday, September 18, 2017 - link
Hackaday does the same thing.DanNeely - Monday, September 18, 2017 - link
I understand that letting people edit comments well after the fact opens up a lot of potential abuse cases; but every second or third significant comment thread here has at least one person making followup replies to them-self a minute or two after first posting because they typoed or posted before completing, or etc. A limited window for editing would fix most of the problems with not having it at all, but still prevent people from editing in abusive content into comments after they've aged out of human inspection.mkaibear - Tuesday, September 19, 2017 - link
...or, for example, a "show original" button which displays if the comment has been edited, or an automatic edit moderation policy (I mean how many comments does AT have on their articles - I think the max I've seen is 400 a day when we had a confluence of articles a few weeks ago), or any one of a number of different ways you can allow edits yet retain accountability for original content....or, y'know, just make sure you get it right first time. ;)
Chugworth - Monday, September 18, 2017 - link
Excellent! We wouldn't want anyone to be eavesdropping on which tech news articles we're reading.Threska - Monday, September 18, 2017 - link
It's all that tech porn we all watch. ;-ppeevee - Monday, September 18, 2017 - link
Mandatory HTTPS is a huge waste of computing resources, including battery life. You are not a bank.extide - Monday, September 18, 2017 - link
Ehh, pretty much all mobile SoC's do hardware encryption offload these days so it's really negligible.