Eclecticism is Now Secure (HTTPS)

by
This entry was published at least two years ago (originally posted on November 22, 2016). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

Thanks to Dreamhost’s Let’s Encrypt initiative, plus a little nudging while setting up the iOS version of Ulysses, the (simple but very powerful) editor I’m using for writing posts here, my site is now HTTPS enabled.

For those who don’t know the terminology, all that means is that all traffic between my blog and your web browser is encrypted, and cannot be read by anyone who might intercept the data stream in transmission. You don’t have to do anything, it just happens automagically in the background.

While there’s nothing here that really requires the transmission to be encrypted — I don’t sell anything or have any reason to ask for sensitive information, which is the primary use case (and why HTTPS is used by financial institutions, shopping site, and so on) — I’m increasingly of the opinion that it’s just good practice to encrypt whenever possible.

Think of it like sending a physical letter to a friend via traditional snail mail; there might not be anything in the letter that needs to be kept private, but I’d still be pretty disturbed if I got a letter from someone and saw that the envelope had been opened so that someone else could read the contents.

Of course, with electronic communication, there’s no ripped envelope to let you know that someone’s taken a peek at what you’re saying or reading. Unsecure websites (or emails) are more like sending postcards: while for most people it’s pretty unlikely that anyone between the sender and receiver would be reading the postcard, it’s entirely possible that it could happen. Adding encryption means that not only is there an “envelope”, but it’s an envelope that can’t be opened by anyone but the receiver.

Good security isn’t paranoia. Just a good idea.

(Incidentally, I’m also set up with PGP encryption for my email, and would use it more often if I knew my contacts were similarly set up. Just contact me for my PGP public key if you’d like to securely email me (I’ll get it posted here eventually, I’m just finding bits and pieces of my site that need to be recreated after letting it lie fallow for so long, and that’s one).)