• Lab
  • AndroidForMobile Foundation at
    With in-article chat bots, BBC is experimenting with new ways to introduce readers to complex topics
    ABOUT                    SUBSCRIBE
    April 28, 2016, 12:15 p.m.
    Reporting & Production

    Wired’s making the long and slow switch to HTTPS and it wants to help other news sites do the same

    With its HTTPS implementation, Wired’s starting with its security vertical and for users who pay for the ad-free version of the site.

    When it comes to security best practices, most publishers are better at writing about them than actually implementing them.

    For years, researchers , a more secure, encrypted alternative to HTTP that both prevents digital eavesdropping and assures readers that the site they’re reading hasn’t been altered by governments or criminals. And while a handful of sites such as The Washington Post, Vice News, TechDirt, and The Intercept have made the switch, . (Web users can spot sites with HTTPS by the small lock that appears in their browser’s address bar.)

    Joining that small, secure group is , which says it’s making the switch to HTTPS starting with its and for users who pay for the ad-free version of the site. It plans to bring the feature to the rest of Wired.com over the next few weeks.

    Wired made the move in order to help lead the news industry’s push to HTTPS and to give Wired.com readers a little bit more assurance that their reading experience is secure, according to , Wired’s application architect. “We want to give readers that encryption guarantee. It’s important for them to know that they’re actually visiting Wired.com and that no one is tampering with content while it’s in flight to their browser,” he said.

    While that’s a noble cause, actually making it happen is another matter. Switching a site over from HTTP to HTTPS can take hundreds of hours from start to finish, a job that most publishers aren’t willing, or don’t have the engineering resources, to pull off. Technically, the biggest part of making the switch is as simple as swapping every mention of http to https in a site’s code, but that process means auditing the entire codebase that makes up publishers’ sites. Even The Washington Post, which started last year, hasn’t completely finished the process yet.

    “This is not a small job. It takes time and a big lift from a lot of people to organize it, but you have to make that decision that it’s important to you and push for it,” Tollman said.

    While some smaller publishers have switched over to HTTPS in recent years, the job is far more difficult for a bigger site like Wired, which has content going back for over 20 years, most of which was initially published on different content management systems. Big news sites are also extremely complex. In the switch over to HTTPS, Wired had to rope in people from its product, engineering, editorial, analytics, and advertising teams. It’s a process that took roughly 160 hours over the course of three months, said Tollman.

    The biggest challenge, however, was advertising. While some ad networks and exchanges support HTTPS, adoption is spotty. This means that publishers that rush to switch to HTTPS risk not being able to work with certain ad partners, which in turn means potentially losing out on revenue. That’s a tough sell for most media organizations already fighting to make ends meet.

    Wired’s strategy to mitigate the risks of the HTTPS hurting its ad deliver is to make the rollout slowly, starting with one section and gradually expanding it to others. “We’re only risking ad impressions on that one vertical,” Tollman said. Wired also hopes readers will tell them if they spot anything wonky with the HTTPS version of the site, which it’s initially offering the feature to its paid users, which it says are its most engaged readers mostly likely to be willing to help. (The Washington Post, which started the process of switching to HTTPS last summer, used a similar tactic. It first implemented the feature for its internal users, before adding it to its national security and tech policy coverage.)

    Ultimately, the goal of the move is to help other publishers make the switch as well. Wired plans to be transparent about its switching process and will share both its insights and even some code. “We know there are a lot of challenges here that people are not aware of when they’re first starting out. With HTTPS, we want Wired to be there, but also want the whole web to be there as well,” Tollman said.

    Photo by used under a Creative Commons license.

    POSTED     April 28, 2016, 12:15 p.m.
    SEE MORE ON Reporting & Production
    Join the 45,000 who get the freshest future-of-journalism news in our daily email.
    With in-article chat bots, BBC is experimenting with new ways to introduce readers to complex topics
    “For us, this is a way to let people read and ask questions at their own pace, instead of having them read through long screens of text. Often people aren’t engaged in stories because they haven’t had the right context.”
    Can we keep media literacy from becoming a partisan concept like fact checking?
    Plus: Screen time debates, and what the data says about kids and smartphones.
    After years of testing, The Wall Street Journal has built a paywall that bends to the individual reader
    Non-subscribers visiting WSJ.com now get a score, based on dozens of signals, that indicates how likely they’ll be to subscribe. The paywall tightens or loosens accordingly: “The content you see is the output of the paywall, rather than an input.”