Support road.cc

Like this site? Help us to make it better.

Back to news
news
Community
road.cc goes https – what does that mean for you? road.cchttps

road.cc goes https – what does that mean for you?

Hopefully nothing, but this is the internet…
by Tony Farrelly
Fri, Jul 20, 2018 10:20
6

The url to road.cc has changed in the last few days – hopefully if you’ve noticed at all it’s just that a little padlock symbol has appeared next to the road.cc url in your browser.

That's how it should be.

However, in a small number of cases if you’ve got road.cc bookmarked or it's cached in your browser you may experience a problem logging in - basically because you’re being directed to the old http version of the site.

You should be able to cure the problem by flushing your browser cache OR even more simply by opening road.cc in a new tab. Your bookmark should start to work as normal in a couple of days when the http version of the site becomes no longer accessible.

Although we haven't migrated road.cc's sister sites over to https yet some users of the road.cc Fantasy Cycling site may also be having problems logging in if they have recently changed their password - we're working on a fix to that right now.

If you have experienced any problems logging in we are really sorry… Google made us do it, even though from a security point of view it was a total waste of everybody’s time and may have caused you some difficulty accessing the site.

https
road.cc
Tony Farrelly

road.cc's founder and first editor, nowadays to be found riding a spreadsheet. Tony's journey in cycling media started in 1997 as production editor and then deputy editor of Total Bike, acting editor of Total Mountain Bike and then seven years as editor of Cycling Plus. He launched his first cycling website - the Cycling Plus Forum at the turn of the century. In 2006 he left C+ to head up the launch team for Bike Radar which he edited until 2008, when he co-launched the multi-award winning road.cc - finally handing on the reins in 2021 to Jack Sexty. His favourite ride is his ‘commute’ - which he does most days inc weekends and he’s been cycle-commuting since 1994. His favourite bikes are titanium and have disc brakes, though he'd like to own a carbon bike one day.

Add new comment

6 comments

Avatar
Another Martin H | 6 years ago
0 likes

Double post

Avatar
Another Martin H | 6 years ago
1 like

Another advantage of https is that it makes it harder for your company's IT department to tell exactly what you're posting on road.cc. If they didn't already have a keylogger installed.

Avatar
hawkinspeter replied to Another Martin H | 6 years ago
1 like

Another Martin H wrote:

Another advantage of https is that it makes it harder for your company's IT department to tell exactly what you're posting on road.cc. If they didn't already have a keylogger installed.

Yes, but they can still tell which site you're visiting (you need a VPN to get round that). Actually, lots of companies will install a root certificate into all their equipment so that they can do a MITM (Man in the Middle) attack and thus see all your web traffic in the clear.

Avatar
captain_slog | 6 years ago
0 likes

This probably has something to do with a change to Google's Chrome browser that means it's going to start flagging non-HTTPS sites as insecure.

I don't think it's pointless, as it means log-in details will now be encrypted.

Avatar
hawkinspeter replied to captain_slog | 6 years ago
2 likes

captain_slog wrote:

This probably has something to do with a change to Google's Chrome browser that means it's going to start flagging non-HTTPS sites as insecure.

I don't think it's pointless, as it means log-in details will now be encrypted.

Encrypting sensitive information (e.g. log-in details) is one aspect of it, but I'm a firm believer in using HTTPS for everything by default. I didn't notice that Road.cc didn't force HTTPS, but then I've been using the "HTTPS Everywhere" extension for a long time (it's produced by the Electronic Frontier Foundation - EFF.org).

The problem with using plain HTTP is that anyone between your browser and the website can intercept and change the web-pages. BT famously conducted a secret trial of the PHORM technology to change the adverts displayed on customers' browsers: https://en.wikipedia.org/wiki/Phorm . Using HTTPS prevents those kind of shenanigans.

Avatar
hawkinspeter | 6 years ago
2 likes

Nice work.

Can't you fix the "bookmarked http" issue by doing a simple redirect?

I use the following snippet in NGINX web servers to do it:

location / {
  return 301 https://$server_name$request_uri;
}

That way any http request will just get translated to the same url over https (the 301 code is a permanent redirect so hopefully the browser will update its bookmark).

 

Latest Comments