Reddit Switches to Encryption By Default

The internet giant will switch to HTTPS by default by the end of the month.

|
Jun 17 2015, 4:42pm

Image: GongTo/Shutterstock

The so-called front page of the internet is jumping on the encryption bandwagon.

Reddit quietly announced on Tuesday that it will soon start to better protect your privacy and security by switching to HTTPS by default starting on June 29. On that day, Reddit will become one of the largest sites on the web to be HTTPS only, joining a burgeoning movement to encrypt the whole web by default.

"We're ready to enforce that everyone use a secure connection with reddit," Reddit's system administrator Ricky Ramirez wrote in a short post on the site's developers subreddit. "HTTP will no longer be available."

"We're ready to enforce that everyone use a secure connection with reddit."

Since last year, Reddit already supported HTTPS, but it wasn't turned on by default, meaning that as a user had to turn on a setting on the site's preferences, type https:// before the address, or have a plugin such as HTTPS Everywhere to force the connection to the site to be encrypted.

In less than two weeks, Reddit will force all users to HTTPS, according to Ramirez's post.

Reddit's announcement comes just a few days after another internet giant such as Wikipedia started switching all its sites to HTTPS only. Big websites like Facebook, Google and Twitter have supported HTTPS by default for years, but the practice is only starting to gain mainstream adoption in the last year.

This has been in part thanks to a coordinated push from both nonprofit organizations and big tech companies. Earlier this year, the World Wide Web Consortium (W3C), the internet's main international standards organization, encouraged the wider adoption of HTTPS in a paper. Last year, the human rights organization Access, with the support of companies such as Twitter, Dropbox, and Reddit itself, launched a pro-HTTPS campaign called "Encrypt all The Things."

Others, such as Google, Mozilla, and Apple, have all signaled their intention to abandon the unencrypted web. Even the White House recently set a deadline for all government sites to migrate to HTTPS only.

"We believe encrypting by default is the best course of action for the Internet in today's political climate."

When a website is HTTPS only, it forces visitors to an encrypted connection that uses the more secure TLS protocol, ensuring that the data that they send to the site (think login passwords or private messages) isn't visible while it travels across the internet. With HTTPS enabled, it's harder for spies and hackers to see what you are doing on a site, and it's harder for repressive regimes to selectively censor certain parts of a site (something that Iran used to do with Wikipedia or Instagram, for example).

Reddit has long been known for its pro-free speech, pro-privacy stance, and now the site is walking the walk.

"We believe we've finally overcome our technical challenges in providing an encrypted connection to all of our users," Reddit spokesperson Ashley Dawkins told Motherboard, "and believe encrypting by default is the best course of action for the Internet in today's political climate."