An Open Letter to News Sites

26 out of 26 top U.S. news sites still don't use HTTPS

Dear News Sites,

Two years after whistle-blower Edward Snowden leaked evidence of mass-surveillance programs, you still are not protecting your readers from the dragnet surveillance about which you original published. 26 out of 26 of your top U.S. media sites, including The New York Times and CNN, do not use https, a popular encryption standard. Even your tech-savy news publications like Ars Technica and Wired don't use https.

This shit has to change.

It's embarrassing, hypocritical, and actively harms both your readers and yourselves when you don't use https. When visiting your website over an unencrypted connection, readers are basically disclosing to anyone who is listening that they are interested in the article they are reading, and you are opening yourselves up to revenue stealing by third parties.

This isn't just state-level spying. If someone is reading one of your articles on a coffee shop's open wifi network, anyone else listening on the network can see and modify the article they are seeing. Also, a reader's ISP can modify the article as well. There's quite a lot (ironically, all of those news links don't use https) of published history on ISPs doing this sort of content manipulation, which not only harms users, it can steal ad revenue from you.

So how can we convince you to switch to https? Why are you so far behind other media sites?

Is it the ad networks? Is it the CDNs? Is it the CMS systems you use? Please, tell us. If there are technical roadblocks, the tech community would be happy to help. I'm sure you will find many volunteers to help you make the switch if you ask for help. It's time you get your shit together and start using https. We need a secure fourth estate.

Sincerely,

Daniel Roesler, volunteer for Restore the Fourth SF

Published 2015-06-12 on daylightpirates.org