[Ach] (not) redirecting https to http

Hanno Böck hanno at hboeck.de
Thu Nov 5 12:57:41 CET 2015

On Wed, 4 Nov 2015 18:20:53 +0100
Rainer Hoerbe <rainer at hoerbe.at> wrote:

> OTOH I saw claims that advertising links (W3C PING list IIRC) would
> not be working properly if the landing page is HTTPS. Some guidance
> on that would be helpful.

Not sure what that exactly was about, but I can tell you that ads are a
major blocker of HTTPS deployment.

It's a bit of an embarrasing problem. I regularly write articles about
crypto topics for some news sites - and one comment that comes up every
time is "If you're so much for crypto why isn't your webpage https?".

The problem here is: There is hardly anything a small news site can do
(though I should mention a few manage to do it, usually if they have
strong ties to their ad provider). The major ad providers ignore the
topic, their large customers don't care. Even the "we should all go
https"-giant Google isn't consequent here. If you're using google ads
you can use https, but you'll get less revenue, because Google doesn't
force its partners to support https.

The best thing you can do here is to put pressure on the larger news
organizations. In the US this is pretty much already happening with the
NYT pledging to support HTTPS and the Washington Post going ahead. In
Germany not so much.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151105/20592858/attachment.sig>

More information about the Ach mailing list