Allowing whole site to use HTTPS

During my stint as the webmaster for EFF, there were many civic uprisings across the world that were organized with Twitter or Facebook.  Many dissidents were jailed because they were able to be easily monitored by repressive governments via unencrypted HTTP traffic. 

We started a campaign to get those and other sites with a massive user base to offer a version of their site using HTTP Strict Transport Security (HSTS)

We were successful in getting Twitter, Facebook and many organizations to jump on the HSTS bandwagon (even Google!). We created a browser plugin, HTTPS-Everywhere which, when present in your browser, automatically grabs the HTTPS version of a site if it is available. 

Using HTTPS is safer than using HTTP. We trust HTTPS to encrypt all of our financial transactions, but use of HTTPS doesn't have to be limited to just those times you have your credit card in your hand.

I would like to be able to make my entire site HTTPS-secure, as well as all of the sites I create.  I think this feature may not have obvious value to most users who are safe and secure in a country like ours. However, not all of the world nor perhaps all of NationBuilder's users are protected by our First Amendment.

considering

We've been looking into this for some time. It's quite involved, but thanks to a broader move throughout the industry (including Google's recent announcement), it looks like we will be able to do this. No timeline yet.

Official response from

Share this post

Showing 148 reactions

How would you tag this suggestion?
Please check your e-mail for a link to activate your account.