Online Privacy: Entire FTC Web Site Now Using HTTPS by Default
n another step to enhance the FTC’s website, I’m pleased to announce that our agency has enabled encryption by default (HTTPS) for ftc.gov, our primary public domain, and home of the Tech@FTC blog.
Ironically, as I was preparing this post, the entire internet has been Freaking out about another vulnerability in SSL.
While we have long provided secure transport for FTC domains that handle sensitive consumer data, such as complaint data and email subscriptions, consumers will now browse our entire site more privately, and their browsers will automatically verify the identity of the website to which they’re connecting – an important step to mitigate attempts to impersonate the FTC.
Transit encryption is an important safeguard against eavesdroppers and has been the subject of previous investigations where we alleged companies failed to live up to their security promises when collecting personal information. It’s an important step when websites or apps collect personal information, and is a great best practice even if they don’t.
Read the Complete Blog Post
See Also: The First .Gov Domains Hardcoded Into Your Browser as All-HTTPS (February 11, 2015)
See Also: Attack of the week: FREAK (via Matthew Green)
See Also: ‘Freak’ Flaw Undermines Security for Apple and Google Users, Researchers Discover (via WaPo)
About Gary Price
Gary Price (email@example.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.