XBIZ 2017: Panel Advocates HTTPS Migration

XBIZ 2017: Panel Advocates HTTPS Migration
Rhett Pardon

WEST HOLLYWOOD, Calif. — The Free Speech Coalition on Thursday hosted a panel discussion at XBIZ 2017 about how webmasters can better secure their sites with the HTTPS protocol.

Chaturbate and Camgasm’s Shirley Lara, Firefox’s Selena Deckelmann, Center for Democracy & Technology’s Brian Wesolowski and Wired.com’s Zack Tolman discussed the new secure HTTPS standard along with the risks — hacking, malware and other cyberattacks — for those sites that continue to use HTTP.

In the symposium moderated by the FSC’s Eric Leue, each of the panelists advocated for all sites to migrate past the HTTP protocol to HTTPS, with its built-in security.

Leue said that the FSC began working with the CDT and others six months ago after a report showed that many adult sites were vulnerable to hacking.

Without the HTTPS protocol, adult sites of all sizes have suffered security breaches that have resulted in pirated content, exposed user databases and millions of dollars in lost income, Leue remarked at the Rooftop Ballroom at the Andaz in West Hollywood.

“The HTTPS protocol is something every webmaster should be moving toward,” Leue said. 

To date, Leue said, some of the most-popular sites — Chaturbate.com, Kink.com, XVideos.com and xHamster.com — have jumped over to HTTPS.

“To have privacy online, you must have security,” Wesolowski said. “When you look in the browser field, if it is in the lock mode the site is encrypted and secure. If it is not, the user is vulnerable.

“The HTTPS standard means you can’t see parts of a website that users are visiting,” he said. “We’ve seen that the most sites that aren’t secure are adult sites and news sites … and we’re working with both to make sure their sites don’t face threats. It’s clear that site security is good for businesses and their visitors.”

“The big thing to know about Mozilla is that the reason why we exist is to create a healthy and open-to-all accessible internet,” Deckelmann said. “And we believe, in particular, that individual security and privacy is critical to that, and HTTPS is the foundation of that for us.”

“We do that by working on policy, standards of the internet, and we try to work with the larger tech companies like Google, Apple and Microsoft to move security forward,” she said.

“It is pretty notable that the adult industry is pretty behind the curve — but several adult sites have migrated to HTTPS,” she said.

Deckelmann went on to display to the seminar’s audience the coding of sites that operate only with HTTP.

“Here are some of the things that could be exposed if someone is spying on you through the packets that go back and forth on the internet, through a Wi-Fi network, if using HTTP — email, user name, password, date of birth, location and sex. And you can see every piece of content that the user displays.”

Web companies might find it tedious to migrate over to HTTPS, particularly those that have mixed content — sites dishing out content with both the HTTP and HTTPS protocols — but Deckelmann noted there are plenty of resources to help companies move over to a secure-site environment.

Tolman said that Wired recently moved its entire news site over to HTTPS, and that it was done with risk mitigation in mind.

“There is some concern moving your site over,” Tolman said. “Being the main technical guy of this large organization I asked myself, ‘Could I undermine our whole operation if I screw this thing up?

“Our chief concerns were ad deliverability, SEO and site speed. With implementation of HTTPS, we needed to knock it out of the park in each of those three areas,” he said.

Ad deliverability was the biggest concern, Tolman said.

“When we launched this initiative, we were told from our internal teams that all of the materials in ads pushed to us from ad networks — every aspect, including fonts, video, etc. — were HTTPS. But I had a healthy skepticism about that because of the sheer volume and quality assurance issues that apply with materials distributed on the internet.”

As for SEO, Tolman said, “We had a sharp dip, but we saw traffic recovered in four weeks. We weren’t undermined.”

Site speed in the metrics it was analyzing with the move to HTTPS was not an issue, he noted. “In fact, there is new technology with HTTPS that enables us to see even better speeds,” he said.

“In the end, the move over to HTTPS has not affected our business and has put us on a path to be able to take advantage of some of the new and exciting features that it offers,” he said.

Lara of Chaturbate and Camgasm said that her company was convinced that HTTPS was the way to go after her senior developer stood up at a meeting and said, “All security is a joke unless you have HTTPS.”

“So, we made the switch,” Lara said. “I’m not going to way it was easy; it was more tedious than we anticipated it to be.”

Lara noted that some of the difficulty was integrating its complex portal because Chaturbate uses open-source code that allows members of the community to develop their own accounts and bots.

“We encourage everyone else to make the switch,” she said.

Pictured: Firefox’s Selena Deckelmann, Wired.com’s Zach Tolman and the FSC’s Eric Leue.

Related: