- How to live stream the 2020 Grammy Awards Today 7:00 AM
- Technology created deepfakes—does it have a way to stop them, too? Today 6:30 AM
- SESTA-FOSTA is ‘detrimental’ to sex workers’ safety, study confirms Today 6:00 AM
- Jeff Bezos’ girlfriend allegedly sent his nudes to her brother, who then leaked them Saturday 6:38 PM
- This Instagram account catches influencers in the wild Saturday 5:42 PM
- The best upcoming video games to look out for in February 2020 Saturday 5:23 PM
- TikTok teens use AirPods and Google Translate to secretly talk in class Saturday 4:32 PM
- Video shows corpses of coronavirus victims lying in China hospital Saturday 3:44 PM
- Kid meets Slipknot after drumming video goes viral Saturday 2:30 PM
- Channing Tatum responds to troll who tried to compare Jenna Dewan and Jessie J’s looks Saturday 1:46 PM
- Grindr pulls an ‘I don’t know her’ after Eminem suggests he uses the app Saturday 12:48 PM
- Here are the top 10 most popular Instagram models in 2020 Saturday 12:21 PM
- ‘The Chilling Adventures of Sabrina’ takes its characters on a fantasy adventure to Hell in season 3 Saturday 11:37 AM
- Woman no longer in sorority, school after racist MLK post Saturday 10:45 AM
- Netflix’s ‘Miss Americana’ starts to deconstruct the myth of Taylor Swift Saturday 10:32 AM
When the Canadian Journalists for Free Expression (CJFE) decided it was time to encrypt their website with HTTPS, they came up against a barrier: a $12,000/year price tag from their hosting provider.
Like many NGOs and political parties, Toronto-based CJFE uses the popular Nation Builder hosting platform, which offers site-wide “Custom domain SSL” only to their Enterprise level customers, at a cost of $999 per month—just shy of $12,000 per year.
HTTPS prevents third parties from snooping on web traffic—for instance, to steal credit card details—but also anonymizes which pages on a particular website a user is reading, a necessary feature for a news site, or an organization of journalists who promote free expression.
Encrypting a website with HTTPS also makes it more difficult for third parties, like the NSA, to intercept web traffic and inject malware. The NSA’s QUANTUM program can mass hack millions of computers by exploiting unencrypted HTTP connections.
“Whether it’s people worried about the NSA under Trump or journalists circumventing repression abroad, we need to provide secure access to our content,” Kevin Metcalf, the CJFE’s communications coordinator, told the Daily Dot. “Nation Builder asking $12,000 a year is far too much for that very basic feature.”
In the more than three years since NSA whistleblower Edward Snowden came forward, encryption has ceased to be a luxury and become a necessity. In 2014, Google announced that websites that failed to deploy HTTPS would be punished with lower page ranks in the search engine’s algorithm. Even the U.S. government, not known for its encryption-savvy, announced in 2015 that all .gov websites were moving to HTTPS by the end of that year.
Installing an SSL certificate, more correctly termed a TLS certificate, on a web server enables HTTPS for a given website.
The cost of purchasing a TLS certificate has dropped to zero. Let’s Encrypt, a new certificate authority, began issuing fully-automated free Domain Validated (DV) TLS certificates in 2015, and so far has issued nearly 16 million certificates.
WordPress.com, another content management platform, deployed Let’s Encrypt TLS certificates for all their clients with custom domains in April, 2016.
In a brief email statement, Nation Builder passed the buck.
“We want to provide SSL to all customers,” Jim Gilliam wrote. “Because of the political nature of the work that our customers do, we use Akamai extensively to prevent distributed denial-of-service attacks. They have stated public support for Let’s Encrypt, but have yet to roll out any offerings.”
However, Akamai told the Daily Dot that they have offered Let’s Encrypt certificates in production since December, 2015. “We have numerous customers using Akamai-managed DV certificates issued by Let’s Encrypt on our platform,” Rajiv Aaron Manglani, Senior Product Line Manager at Akamai, wrote in an email.
“Akamai is a proud supporter of Let’s Encrypt,” Rob Morton, director of public relations at Akamai, wrote in an email. “We support a range of cost effective certificate options, including DV certs for those customers that require it. By policy, Akamai does not comment on other companies’ businesses or business practices.”
Nation Builder declined to provide additional technical details regarding what they mean by “Custom domain SSL.” However, many of their customers deploy Extended Validation (EV) certificates, which turn on a web browser’s “green bar” in the address field. Nation Builder may also offer Organization Validated (OV) certificates.
“Getting and managing DV certificates can be fully automated, whereas that’s not the case for OV and EV certificates,” Josh Aas, executive director of the Internet Security Research Group, which manages Let’s Encrypt, told the Daily Dot. “Whatever their value, and that probably varies from person to person or org to org, OV and EV won’t scale to secure every website on the web.”
“We think every site on the web should be encrypted,” he added. “It would be great if SSL was standard across [Nation Builder’s] offerings.”
Update 2:25pm Nov. 27: National Builder announced this month that it plans to upgrade all websites with custom domains to SSL encryption.