occouy2
commented
7 years ago @t-k- I'm talking about the links that are presented when a search is made
Closed poccouy closed 7 years ago
occouy2
commented
7 years ago @t-k- I'm talking about the links that are presented when a search is made
w32zhong
commented
7 years ago @poccouy @occouy2 why is it necessary?
w32zhong
commented
7 years ago @poccouy2 I think MSE is using mostly http, by that I mean MSE will not force you to any https link of its posts. And most likely Google also will give you http links of MSE.
Second I think there are people want trade off security for fast loading, especially for sites not exchanging very important data like MSE or people living out side of US with a slow Internet access like my situation right now.
I will close this issue but welcome any further opinion.
lmffeexd
commented
7 years ago I'm leaving this here because it is somewhat related: A specific rule has been created for your website so that users of the HTTPS-Everywhere plugin will always be redirected to the HTTPS version of your website, even do you correctly configured your site to automatically go to HTTPS, it helps against SSLstriping attacks [1].
And most likely Google also will give you http links of MSE.
But Google announced not long ago that they will be starting to use HTTPS as a ranking signal, and this to "make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure."
For your remarks concerning speed, see this nice article https://istlsfastyet.com/?utm_source=wmx_blog&utm_medium=referral&utm_campaign=tls_en_post
In conclusion, the trade-offs are not that big, HTTPS causes no apparent slowness than HTTP, and you're protecting your users by forcing HTTPS.
w32zhong
commented
7 years ago @lmffeexd Approach0 does have HTTPS as default, it is the links that Approach0 directs users to are currently HTTP. This does not affect Google to rank Approach0 as HTTPS site. Just like Google homepage is in HTTPS, but Google will nevertheless direct you to a HTTP site if this site is simply one of your search results.
w32zhong
commented
7 years ago "starting to use HTTPS as a ranking signal" does not mean the search results are all HTTPS links. It just means Google is presumably prioritizing HTTPS sites in search result.
lmffeexd
commented
7 years ago @t-k- Yes, I mentioned that only to show that the current trend in the web is to move all traffic to HTTPS. Soon, Firefox and Chrome will start disabling some features for HTTP websites.
lmffeexd
commented
7 years ago @t-k-
I think MSE is using mostly http, by that I mean MSE will not force you to any https link of its posts.
This has changed, now all SE links will go to HTTPS https://meta.stackexchange.com/questions/292058/network-wide-https-its-time
I think it's time now for you to reconsider applying this enhancement suggestion.
w32zhong
commented
7 years ago @lmffeexd Thank you for bringing up this news.
Now I still do not think it is time to switch to all-https, based on the following reasons:
I am against the idea to force https by manually replacing all http prefix to https in search results. This may be simple to do, however, it does not obey search engine principle, and it is not elegant obviously. That being said, if we switch to crawling https://math.stackexchange.com instead, crawler will save hyperlinks in https but it takes more time to crawl https pages and consequently we may need to re-crawl all document on MSE. I have to mention again that I am maintaining this project in my part-time, crawler is running on a single laptop and network is slow.
Second, approach0.xyz itself is in https, so Google will treat approach0.xzy as https site. Besides, there is no obvious security reason to switch to https search results for a math QA website search engine.
Where are the links you are referring to?