Tag: Online

HTTPS or not HTTPS – that is the question

You wouldn’t write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, that’s essentially what you’re doing.

There is a better way, the secure version of HTTP — HTTPS. That extra “S” in the URL means your connection is secure, and it’s much harder for anyone else to see what you’re doing. But if HTTPS is more secure, why doesn’t the entire web use it?

HTTPS has been around nearly as long as the web, but it’s primarily used by sites that handle money — your bank’s website or shopping carts that capture credit card data. Even many sites that do use HTTPS use it only for the portions of their websites that need it — like shopping carts or account pages.

Web security got a shot in the arm last year when the FireSheep network-sniffing tool made it easy for anyone to detect your login info over insecure networks — your local cafe’s hotspot or public Wi-Fi at the library. That prompted a number of large sites to begin offering encrypted versions of their services on HTTPS connections.

Even sites like Twitter (which has almost entirely public data anyway) are nevertheless offering HTTPS connections. You might not mind anyone sniffing and reading your Twitter messages en route to the server, but most people don’t want someone also reading their username and password info. That’s why Twitter recently announced a new option to force HTTPS connections (note that Twitter’s HTTPS option only works with a desktop browser, not the mobile site, which still requires manually entering the HTTPS address).

Google has even announced it will add HTTPS to many of the company’s APIs. Firefox users can go a step further and use the HTTPS Everywhere add-on to force HTTPS connections to several dozen websites that offer HTTPS, but don’t use it by default.

So, with the web clearly moving toward more HTTPS connections, why not just make everything HTTPS?

There are some practical issues most web developers are aware of, such as the cost of secure certificates, but obviously that’s not as much of an issue with large web services that have big budgets.

The real problem seems to be that with HTTPS you lose the ability to cache. Not really an issue when servers and clients are in the same continent), but people in Australia (for example) looking at UK content will have better experiences when something can be cached and served without a huge response time.

There’s another small performance hit when using HTTPS, since the SSL initial key exchange adds to the latency.

For sites that don’t have any reason to encrypt anything — in other words, you never log in, so there’s nothing to protect — the overhead and loss of caching that comes with HTTPS just doesn’t make sense. However, for big sites like Facebook, Google Apps or Twitter, many users might be willing to take the slight performance hit in exchange for a more-secure connection. And the fact that more and more websites are adding support of HTTPS shows that users do value security over speed, so long as the speed difference is minimal.

Another problem with running an HTTPS site is the cost of operations. Although servers are faster, and implementations of SSL more optimised, it still costs more than doing plain HTTP, while less of a concern for smaller sites with little traffic, HTTPS can add up, if your site suddenly becomes popular.

Perhaps the main reason most of us are not using HTTPS to serve our websites is simply that it doesn’t work with virtual hosts. Virtual hosts, which are what the most common cheap web-hosting providers offer, allow the web host to serve multiple websites from the same physical server — hundreds of websites all with the same IP address. That works just fine with regular HTTP connections, but it doesn’t work at all with HTTPS.

There is a way to make virtual hosting and HTTPS work together — the TLS Extensions protocol — but it’s noted that, so far, it’s only partially implemented. Of course that’s not an issue for big sites, which often have entire server farms behind them. But until that spec — or something similar — is widely used, HTTPS isn’t going to work for small, virtually hosted websites.

In the end there is no real reason the whole web couldn’t use HTTPS. There are practical reasons why it isn’t happening today, but eventually the practical hurdles will fall away. Broadband speeds will improve, which will make caching less of a concern, and improved servers will be further optimized for secure connections.

In the future the main concern won’t just be how fast a site loads, as that’ll become an obsolete consideration, but moreover how well it safeguards and protects our data surely?

(cred’ to WebMonkey for the background detail)


Compare the Meerkat Campaign Results

Since posting my original thoughts and social measurement on the Compare the Meerkat campaign some time ago I’ve been asked a few times about the definitive results. Having been a casual observer of the campaign and measuring via a social media monitoring system only I was not aware of the hard fact around ROI.

However, I have dug around across a few sites and it seems that following are consensus results for the campaign(s) so I thought I would publish them here.

My original posts can be found here:

Compare the Meerkat – Case Study – Part 1

Compare the Meerkat – Case Study – Part 2

Compare The Meerkat Results

As mentioned above these are not numbers direct from Compare The Market, VCCP, or anyone similar who I can authenticate so please take them with the necessary pinch of salt. They are also from quite a few months back as that was all I could dig out from my searches. There was a stat in there around Facebook Fans which I have removed as that was inaccurate.

That said they do seem very impressive and gut instinct makes me think that they could well be in the right ball-park.


So the Anglian Home Improvements mystery Tweeter WAS an employee they tell me

I wrote a post back in June 2010 talking about how my wife and I had been treated to pretty bad service from Anglian Home Improvements during which they had ‘imposed’ rules telling me my wife must be in when they call round as it was ‘company policy’ – clearly I can’t make a decision about patio doors by myself although I am 34 years old.

Anyway, I had a few follow up messages from the guys at Anglian on my blog post about my point of view which was good as they are watching the social space.

I did a bit more research and discovered that there was a Tweeter called DarkenGold that was sending out frequent Tweets such as this one:

DarkenGold Tweet

So, I dropped a comment on my blog musing that maybe, just maybe, that Twitter account just might be an employee…

Anglian told me the following in reply;

“DarkenGold is genuinely having our solar panels fitted to his roof…It’s our first Solar installation and obviously he’s a bit excited about it!”

That was clear to see but didn’t really answer my question did it?

Well same as any bloke I love to be right and on the 7th of October 2010 I got a comment on my blog from John / Karl / DarkenGold (he has a few names it seems) saying:

Blog Comment

He kindly dropped a LinkedIn link to his profile and it turns out he’s the Head of Contact Centre Operations at Anglian Home Improvements.

LinkeIn Profile

Ok, so I gave the guys at Anglian a bit of a hard time about a few areas of their business but you know what – hats off to them for monitoring the social space, getting involved and replying and at the same time trying to launch a bit of a test campaign within the space.

As I always say, it’s better to fail through activity and learn from it than to simply fail through inactivity and therefore learn nothing.

So chaps, thanks for the replies, comments, etc – it’s good to know you’re listening to what’s being said about your brand.

Now go and launch a beautifully thought out social strategy using the channels correctly and being overt about who is who…no more Black Op’s :-)

(and Ps. your Twitter account for DarkenGold has disappeared…)


Social Media Guru Video – too true of many a person we read about

From my good friend @Niiige

Great spot by him. We’re still loving Design Robots from 2009 but when this came out using the same platform (I think) it was just superb.

Guru / Expert / Genius / etc are terms bestowed upon one by others not by putting them in Twitter bio’s or LinkedIn profile info. Self proclaimed Gurus tend not be of a Guru status in the slightest and some may even resemble the guy in the video.

The less of these people around the better for all of us in digital marketing. A lot of social media is just common sense and nothing to be scared of. However a good strategy needs to be carved out and this is when people who have done it before can help.

Not Guru’s just experienced practitioners.


State of The Blogosphere in 2010

One of the biggest questions about the internet since several years is ‘How big is the blogosphere’ or How many blogs are there?. While the answer to the last question almost impossible to count is, BlogPulse currently tracks almost 150 million websites, identified as blogs.

We wanted to know more and decided to analyse more data, such as how much revenue is generated from blogs and what are the key demographics for the blogging publishers. We also were interested in the languages used online and their spread. The result of all this can be found in our State of The Blogosphere infographic.

Source – The Blog Herald


Gray Dudek - 2012
Powered by WordPress
Get Adobe Flash player