HTTPS Available as Opt-In for Blogspot

Google announced that it has made HTTPS available as an opt-in for its Blogspot blog-publishing service.

Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service.

Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search, Google Drive and its ad products as part of its HTTPS Everywhere campaign.

“While this initial rollout won’t support all of our Blogger users, we wanted to take the first step to make HTTPS available for Blogspot; for those users who want to try it early,” said Google software engineer Jo-el van Bergen in a post published on Google’s Online Security Blog. “We’re rolling this out gradually and Blogspot authors interested in enabling HTTPS support can begin opting-in today.”

Van Bergen said enabling HTTPS on blog is as simple as selecting “Yes” on the Blogger settings page.

blogger https

“Unfortunately, blogs with custom domains are not supported in this first version,” van Bergen said. “Once enabled, your blog will become accessible over both HTTP and HTTPS connections. Blogspot authors should be aware that if they choose to encrypt at this time, some of the current functionality of their blog may not work over HTTPS.”

Google announced that its Official Google Blog and the Google Online Security Blog are also moving to HTTPS.

Encryption continues to be the defining issue in computer security. Just this week, Apple repackaged its privacy policy, explaining the security and privacy controls available in its products in unprecedented clarity. And like Google, Apple reaffirmed that would never build backdoors into its devices to facilitate government and law enforcement investigations.

The change to secure connections by default gives users a expectation of security and privacy. It certainly doesn’t guarantee that specific sessions can’t be intercepted and decrypted by a man-in-the-middle attack or other techniques, but using SSL makes life harder for most adversaries.

One of the Internet’s largest properties, Reddit, earlier this year announced that it was moving HTTPS only for its sites after last year, it began offering users encrypted connections.

This year, there has been a steady stream of similar moves. In June, Apple began encouraging iOS app developers to move to an HTTPS only model, and this was announced around the same time federal government CIO Tony Scott announced that all government public sites and services would move to HTTPS. Browser makers have also been in on the HTTPS movement; in May, Mozilla announced that it would begin phasing out HTTP connections in Firefox.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.