Article Migrating from http to https

| | 0 Comments

Over the last few months we have been working very hard behind the scenes to provide a major security upgrade to UsingEnglish.com.

Since UsingEnglish.com launched in February 2002 users have been accessing the site using something called the HTTP protocol. You will perhaps recognise this as the first part of many internet addresses, such as in http://www.usingenglish.com/. Without wanting to get too deep into what this is, suffice to say that the HTTP protocol is an old and fairly insecure technology. Many many sites are using this as a way for users to access them, but increasingly sites are converting to the safer HTTPS protocol.

On 14th August 2016 we successfully performed the switch to HTTPS and have been closely monitoring it every since.

How will it impact users?

The change means that our web address has now changed to https://www.usingenglish.com/ and all pages on our site should be accessed using https:// instead of http:// at the beginning of our site address.

I'm using a Chrome browser so things might look slightly different for you, but for me the old HTTP site would look like this http in my address bar. Now that the changes have been made the new HTTPS site address looks like this: https. Notice the addition of the padlock icon? This is how you know you are accessing a secure page.

We have tried to make these changes very carefully in order to minimise any negative impact on our users. For example we have put in place redirects from the old site addresses to the new locations, however you might find it useful to update any links and bookmarks you have for us.

Why did we make this change?

Since HTTP is not a secure protocol, and website traffic using HTTP is unencrypted and is sent as cleartext. This basically means that anyone could intercept the transmitted data (e.g. session cookies, passwords, credit card numbers, etc). That means that when you access a site or send information over the internet using HTTP, every server through which that your traffic flows can read that data.

If a website you visit uses HTTPS, the data is encrypted, so in theory only you and the website you visit can see what you're doing on that website. Essentially it adds a barrier between web users and anyone that wants to spy on their Internet activities, or steal their information.

Google identifies several reasons to switch to HTTPS in their website migration guide:

Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

  1. Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can "listen" to their conversations, track their activities across multiple pages or steal their information.
  2. Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  3. Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

In summary

We believe that our users need to trust what we do with their data. Even though we don't store any financial or other personally identifiable information on our site, we do store some information about our users. This is mostly in the form of usernames, email addresses and site preferences etc. While we already have a clear privacy policy setting out what happens when you submit information to UsingEnglish.com, we have taken these additional steps to make sure that any information you do supply to us is safer, and that when you are using our site you can be sure that your sessions on our site are secured and encrypted using industry-standard security techniques.

For additional security tips, take a look at our page on online safety.

If you have any questions then please post a comment below.

Be safe!

The team at UsingEnglish.com

Categories: General

Leave a comment