I hope Reddit can use HTTPS for its whole site soon. People use pseudonyms and multiple accounts on Reddit for a reason: freedom of expression. Yet NSA can easily collect all that data and mine it and search through it automatically, because they're tapping the Internet cables, which means all unencrypted data is theirs to own (and abuse).
https everywhere for reddit is actually a tricky proposition. Mainly because the browsers have yet to be designed to handle an all https website that embeds content from other sites.
We tried running reddit in all https mode, but you get a lot of mixed content warnings, which makes for an awful user experience.
There are also a lot of edge cases of the opposite case where people embed reddit on their site.
I'm likely ignorant of some of the external content, but what about forcing https-only users through a view that avoids external content? I already have reddit setup to not show thumbnails and never expand video links inline. It would be a reasonable trade off to me if the only other option is http only.
It's nice to hear there were attempts at having an all https mode. I have long been bummed that reddit is http only, for a variety of reasons.
I just checked it out again and it looks like the situation is improved now that Youtube is http (the biggest source of external embedded content).
That being said, there is still a significant monetary cost, not in terms of servers, but in terms of the fact that Akamai, the CDN for reddit, charges an arm and a leg for SSL support.
I recall GitHub redirecting external media through their own servers to deal with MCW, but I can't find the link to the blog post. I assume you've tried this, but what made that infeasible?
https://pay.reddit.com is still included in HTTPS Everywhere ruleset, but as an experimental rule. Navigate to reddit.com, click the HTTPS Everywhere extension icon, and you can manually enable it.
In this video the pundit comments that reddit had 100 million unique visitors last month. quantcast says 31 million: https://www.quantcast.com/reddit.com?country=US. Could quantcast be that far off or did the pundit misspeak?
He's speaking at my university soon (his book tour and more) and a top professor in our College of Business is helping arrange it and has set him up in one of our largest/nicest event halls.
Over a hundred confirmed attendees on facebook last I checked.
HAHA you can tell David Gregory was personally offended when Alex called Snowden a whistleblower.
Also, he's knowingly misleading his audience when he says there's been no evidence of abuse. The LOVINT revelations and general practice of Parallel Construction by other agencies are well-documented even by CNN.
18 comments
[ 4.8 ms ] story [ 42.2 ms ] threadWe tried running reddit in all https mode, but you get a lot of mixed content warnings, which makes for an awful user experience.
There are also a lot of edge cases of the opposite case where people embed reddit on their site.
It's nice to hear there were attempts at having an all https mode. I have long been bummed that reddit is http only, for a variety of reasons.
That being said, there is still a significant monetary cost, not in terms of servers, but in terms of the fact that Akamai, the CDN for reddit, charges an arm and a leg for SSL support.
It's such a pain to type by hand.
Source: I was one of the recipients of the request.
http://blog.reddit.com/2010/07/experts-misunderestimate-our-...
He's speaking at my university soon (his book tour and more) and a top professor in our College of Business is helping arrange it and has set him up in one of our largest/nicest event halls.
Over a hundred confirmed attendees on facebook last I checked.
Also, he's knowingly misleading his audience when he says there's been no evidence of abuse. The LOVINT revelations and general practice of Parallel Construction by other agencies are well-documented even by CNN.
Really? I didn't get that at all.