From HTTP to HTTPS

Since the launch of our community discussion forum there was a push from our community members to make the forum more secure by serving through HTTPS (Hyper-Text Transfer Protocol Secure) instead of HTTP.

The problem with HTTP is that all the request - response from browser to the server and vice-versa are carried as a plaintext. So if someone is snooping over the network then all the data packets on the network are transparent to the eves-dropper. In fact this is one of the way through which mass surveillance is carried out.

HTTPS enables end-to-end encryption between the web client (i.e browser, email clients, etc.,) and the web server which prevents any snooper from obtaining a copy of the network data. Only the server understands what client is requesting and vice versa. Though HTTPS is out there for a long time, it's not easy to obtain a SSL/TLS certificate to implement HTTPS on a website.

Because,

  1. Industry grade SSL certificates are monetized, i.e one have to pay money to obtain certificates from certificate authorities.
  2. Configuring web server to use the obtained certificate was not easy.

The Internet was already under attack by private and government agencies like NSA, GCHQ, etc., and we all know what Edward Snowden and Julian Assange have revealed about mass surveillance. This is when a organization named Lets Encrypt was formed to protect the privacy on the Internet which provides HTTPS certificates for free.

So we obtained HTTPS certificates from Lets Encrypt and now not only our community forum, but also our website are also served through HTTPS.

We also encourage everyone whoever owns a domain name to make your website available under HTTPS.