AnandTech Goes HTTPS: All Encryption, All the Time
by John Campion & Ryan Smith on September 18, 2017 2:25 PM EST- Posted in
- Site Updates
If you’re reading this, then congratulations! You have successfully accessed AnandTech over HTTPS.
I’m pleased to announce that as of this afternoon, all AnandTech pages and websites are now being served over HTTPS, allowing us to offer end-to-end transport encryption throughout the site. This is part of a larger project for us which started with moving the AnandTech Forums over to the XenForo software package and HTTPS last year; now it’s AnandTech main site to receive a security treatment of its own.
This update is being rolled out both to improve the security of the site, and as part of a broader trend in site hosting & delivery. From a site operations point of view, we’ve needed to improve the security of the user login system for some time so that usernames and passwords are better protected, as the two of those items are obviously important. Meanwhile, although AnandTech itself is not sensitive content, the broader trends in website hosting is for all sites regardless of content to move to HTTPS, as end-to-end encryption still enhances user privacy, and that’s always a good thing.
With today’s update, we’re now serving all pages, images, and other local content exclusively over HTTPS. This also includes redirecting any HTTP requests to HTTPS to ensure a secure connection. Overall, the hosting change should be transparent to everyone – depending on your browser, this even eliminates any security warnings – and site performance is virtually identical to before, both on the server side for us and on the client side for you. In other words, a true upgrade in every sense of the word.
However in the unlikely event that you do encounter any issues, please let me know. Leave a note here in the comments, email me, send a tweet, etc. If something is amiss, we want to fix it as quickly as possible.
Finally, I want to quickly thank our long-time developer John Campion, DB guru Ross Whitehead, hosting master Alec Ginsberg, and the rest of the AnandTech/Purch development team for working on this project. While today’s update is transparent at the user level, a lot of work was necessary on the backend to make this as seamless as possible and to make it work with third-party content (ads, JS libraries, etc). So none of this would be possible without their outstanding efforts.
Facebook
Twitter
RSS
86 Comments
View All Comments
WatcherCK - Monday, September 18, 2017 - link
Like Hudson says " I feel safer already..."HardwareDufus - Friday, September 22, 2017 - link
Weird,WindowsCentral and TomsHardware launch complete Website redos this week... and AnandTech launches all encrypted all the time.
The Connection? Purch! Handles Ad Revenue for all 3 sites. Folks, we've reached the end.
Gothmoth - Monday, September 18, 2017 - link
wow and maybe in 3 years you are able to get a decent comment system.. you know one with editing function.....mapesdhs - Tuesday, September 19, 2017 - link
Ryan said this was intentional, but not why. Ryan, what's the rationale here? Is there evidence that whatever it is you want to prevent happens on other sites that do have editing? If so, can you cite some examples? I just hate posting stuff with typos. :DNuclearMusic - Monday, September 18, 2017 - link
This is great! Thanks Anandtech!olivaw - Monday, September 18, 2017 - link
Interesting that the certificate has many alternate subject names (below). Is it the provider or CDN that hold the private key?*.toptenreviews.com
*.dignifyed.com
*.laptopmag.com
*.tomshardware.fr
*.newsarama.com
*.tomsguide.com
*.tomshardware.de
*.space.com
*.buyerzone.com
*.shopsavvy.com
*.business.com
*.tomsguide.fr
*.businessnewsdaily.com
*.livescience.com
*.activejunky.com
*.anandtech.com
*.tomshardware.com
*.tomsitpro.com
*.tomshardware.co.uk
*.purchxapp.com
*.purch.com
*.assets.purch.com
purch.com
www.purch.com
Olafgarten212 - Monday, September 18, 2017 - link
These are all sites owned by Purch (Anandtech's Parent Company) so they are most likely using the same certificate for all of their sites.Ryan Smith - Monday, September 18, 2017 - link
Bingo.FreckledTrout - Tuesday, September 19, 2017 - link
Hopefully your sister site TH follows suite not only on HTTPS but some basic design decisions(should see what they switched to last week, ugh its fugly).DanNeely - Monday, September 18, 2017 - link
Probably not. EV certificates are - intentionally - a PITA to get. A normal cert just requires a basic automated check that you control the website. EV certs require extensive human in the loop checking to make sure that you work for/own the company that controls the web site and aren't a criminal gang impersonating the actual owners/administrators.