Tech

The Wire Has Moved To HTTPS. This is Why.

With HTTPS, our journalists are assured that the stories they produce will reach their readers in the form they were intended irrespective of how sensitive or controversial their contents are.

Moving to HTTPS also lets us do our job as journalists with that much more focus and peace of mind. Credit: marleahjoy/Flickr, CC BY 2.0

Moving to HTTPS also lets us do our job as journalists with that much more focus and peace of mind. Credit: marleahjoy/Flickr, CC BY 2.0

From December 16, The Wire started serving its website’s contents over HTTPS, a protocol on the web that makes information transmitted between different objects on a network more secure. HTTPS colloquially stands for ‘HTTP Secure’, HTTP being the protocol that dictates how a browser communicates with a server to send and receive information about a website it is loading. With HTTP alone, the information is exposed to able interceptors when moving between the browser and the server. With HTTPS, this information is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, rendering it incorrigible to everyone except its intended recipients.

An HTTPS connection effectively states that the website and the server it is communicating with have both been authenticated using a digital certificate. With it in place, an eavesdropper can’t see what articles individual readers are searching for or accessing on the site – nor can a network inject scripts on the site to display ads (the way it happened with Airtel 3G, an Israeli company and a Bangalorean blogger in June 2015). Moreover, as Edward Snowden revealed in 2013, third-party agencies like the American NSA can’t probe The Wire‘s traffic for insights without letting us know first.

This note from the Electronic Frontier Foundation discusses a variety of other threats that an HTTPS connection protects users from. And as a news site, it is also pertinent that Google search and Google News both prefer to display results that are served over HTTPS connections.

Overall, the shift signals to our readers that accessing The Wire is safe – wherever they choose to do that from. To be sure, an eavesdropper can still access the connection’s metadata (the amount of time you spend reading a page on The Wire, the size of the pages being loaded, etc.), but this information is not as sensitive as the particulars of what you’re consuming.

It is important for us at The Wire to ensure that the contents of our site are not tampered or interfered with. This achieves two things: first, our readers are promised data integrity and security; second, our journalists are assured that the stories they produce will reach their readers in the form they were intended irrespective of how controversial their contents are. This two-way protection ultimately safeguards what a UN Special Rapporteur has called a fundamental human right: the right to encryption.

Moving to HTTPS also lets us do our job as journalists with that much more peace of mind. In the first dozen or so days of December, it had emerged that the email accounts of Barkha Dutt and Ravish Kumar, both NDTV journalists, as well as of Congress vice-president Rahul Gandhi and the absconding businessman Vijay Mallya had been breached by hackers. It was unclear if the same agents had gained unauthorised entry into all these accounts – but just the fact that they chose to target journalists is cause for concern. So while The Wire‘s email servers are hosted by Google, it is only fair that at a time like this, we get serious about the security of our site as well.

Going HTTPS is one step in that direction.

  • Parantap Bhatt

    Good thinking, prompt decision.

  • K SHESHU BABU

    Hopefully, this positive move will ‘ safeguard’ the site and all those well – wishers connected with. Fundamental rights of expression must be upheld at any cost . Wishing all the best …

  • Makingthedeafhear

    Is the Wire serious?….”So while The Wire‘s email servers are hosted by Google…..”Honestly Mr Varadarajan!,Google is completely in bed with the National Security State and Intelligence agencies.Despite protestations to the contrary data is shared with these entities.You locked the front door and kept the back door open!Do something about the server!

    • JargonLess

      The main threat today to The Wire and the other independent thinkers in India seems to be from the Indian state. As a case in point, consider the recent and inexplicable charge of murder and rioting that has been filed against the spouse of one of the editors of The Wire.

      Given the increasingly hostile environment towards free expression in the country, it seems prudent that The Wire has chosen to host its data outside of the government’s reach. The choice of hosting provider also seems to be a prudent one; they have chosen an organization with a prior track record of pushing back on unreasonable demands. You might want to look up the many court cases that have been slapped on Google by the Indian state.

  • JargonLess

    Incidentally, Google offers news publishers (free) protection against DDOS attacks. You might want to consider signing up for their ‘Project Shield’, if you have not done so already (https://projectshield.withgoogle.com/public/).

    A SecureDrop instance for handling submissions would also be a good addition to the site.

  • poonam

    good thinking