Online Privacy: Entire FTC Web Site Now Using HTTPS by Default

n another step to enhance the FTC’s website, I’m pleased to announce that our agency has enabled encryption by default (HTTPS) for ftc.gov, our primary public domain, and home of the Tech@FTC blog.
Ironically, as I was preparing this post, the entire internet has been Freaking out about another vulnerability in SSL.
While we have long  provided secure transport for FTC domains that handle sensitive consumer data, such as complaint data and email subscriptions, consumers will now browse our entire site more privately, and their browsers will automatically verify the identity of the website to which they’re connecting – an important step to mitigate attempts to impersonate the FTC.
[Clip]
Transit encryption is an important safeguard against eavesdroppers and has been the subject of previous investigations where we alleged companies failed to live up to their security promises when collecting personal information. It’s an important step when websites or apps collect personal information, and is a great best practice even if they don’t.

Read the Complete Blog Post
See Also: The First .Gov Domains Hardcoded Into Your Browser as All-HTTPS (February 11, 2015)
See Also: Attack of the week: FREAK (via Matthew Green)
See Also: ‘Freak’ Flaw Undermines Security for Apple and Google Users, Researchers Discover (via WaPo)

Filed under: Data Files, News, Patrons and Users