Starting June 29th, popular site reddit will be enforcing HTTPS for all of its traffic. Plaintext HTTP traffic will be rejected by the site starting on that date. HTTPS will be backed by HSTS to make it more secure and to protect against downgrade attacks. This move comes after reddit first introduced HTTPS 9 months ago. That program was opt-in only, however, and suffered some compatibility issues. It appears that reddit is now confident enough to enforce HTTPS for everyone.
reddit joins the trend of other firms in offering more secure communications by switching to HTTPS. No longer will spies be able to determine your favourite subreddits, or link your account and comments back to you. Wikipedia announced last week that HTTPS will be rolling out for all users, and Netflix will eventually also support HTTPS for all users after starting a rollout two months ago. In comparison, Facebook moved to HTTPS almost 3 years ago.
HTTPS encryption is not free, as it still incurs bandwidth and processing overhead. However, the disclosure of various state-sponsored bulk surveillance programs and the rise of other criminally malicious actors have led to calls for more security. reddit noted that it valued the privacy and open communication its users enjoy, and in some ways it seems logical that most communication happen over HTTPS, as it, at the very least, requires malicious actors to take extra steps to break into our communications. The announcement post can be found here.