If you’re reading this, then congratulations! You have successfully accessed AnandTech over HTTPS.

I’m pleased to announce that as of this afternoon, all AnandTech pages and websites are now being served over HTTPS, allowing us to offer end-to-end transport encryption throughout the site. This is part of a larger project for us which started with moving the AnandTech Forums over to the XenForo software package and HTTPS last year; now it’s AnandTech main site to receive a security treatment of its own.

This update is being rolled out both to improve the security of the site, and as part of a broader trend in site hosting & delivery. From a site operations point of view, we’ve needed to improve the security of the user login system for some time so that usernames and passwords are better protected, as the two of those items are obviously important. Meanwhile, although AnandTech itself is not sensitive content, the broader trends in website hosting is for all sites regardless of content to move to HTTPS, as end-to-end encryption still enhances user privacy, and that’s always a good thing.

With today’s update, we’re now serving all pages, images, and other local content exclusively over HTTPS. This also includes redirecting any HTTP requests to HTTPS to ensure a secure connection. Overall, the hosting change should be transparent to everyone – depending on your browser, this even eliminates any security warnings – and site performance is virtually identical to before, both on the server side for us and on the client side for you. In other words, a true upgrade in every sense of the word.

However in the unlikely event that you do encounter any issues, please let me know. Leave a note here in the comments, email me, send a tweet, etc. If something is amiss, we want to fix it as quickly as possible.

Finally, I want to quickly thank our long-time developer John Campion, DB guru Ross Whitehead, hosting master Alec Ginsberg, and the rest of the AnandTech/Purch development team for working on this project. While today’s update is transparent at the user level, a lot of work was necessary on the backend to make this as seamless as possible and to make it work with third-party content (ads, JS libraries, etc). So none of this would be possible without their outstanding efforts.

POST A COMMENT

86 Comments

View All Comments

  • Threska - Monday, September 18, 2017 - link

    Maybe something CCleaner could have used? Reply
  • IndianaKrom - Monday, September 18, 2017 - link

    Please tell us you aren't using the same Symantec root certificate that google is going to stop trusting in Chrome 66 around April 2018... Reply
  • Ryan Smith - Monday, September 18, 2017 - link

    We are not using an affected certificate. Google is only distrusting certificates before June 1st, 2016. (Our certificate was issued on August 2nd, 2017) Reply
  • DanNeely - Tuesday, September 19, 2017 - link

    Google has backed down a lot on the initial ban hammer; which would've forced all of Symantecs customers (and since they owned several of the biggest CAs that was a lot of sites) to find a new CA entirely. Symantec has sold its certs business to Digicert; who will be able to issue new certs for all of the remaining Symantec customer base by not later than December 1 of this year. That means that former Symantec customers will just need to expedite deploying new certs to keep their sites running.

    https://www.digicert.com/blog/digicert-to-acquire-...
    https://security.googleblog.com/2017/09/chromes-pl...
    Reply
  • Tadashi130 - Monday, September 18, 2017 - link

    I'm glad this happened. Good job. Reply
  • CharonPDX - Tuesday, September 19, 2017 - link

    Damn, no more browsing AnandTech on my Macintosh SE running Netscape Navigator 2.0..... Reply
  • twotwotwo - Tuesday, September 19, 2017 - link

    Could be the placebo effect, could be the HTTP/2 and SPDY that are HTTPS-only, but it feels like stories load a tiny bit more snappily now! Reply
  • jimbo2779 - Tuesday, September 19, 2017 - link

    Ryan, just an FYI; Images aren't loading on Windows Mobile 10.

    I know this probably makes up a vast majority of your userbase so figured you should be notified right away :)
    Reply
  • jimbo2779 - Tuesday, September 19, 2017 - link

    I spoke too soon, they are showing now. Reply
  • mark53916 - Tuesday, September 19, 2017 - link

    Nice thate you are HTTPS, but the "login form" is insecure according to Chrome running on Windows 7. The message even appears when you haven't actually clicked to login. This has been going on for more than a year. Reply

Log in

Don't have an account? Sign up now