Cookie Notice

As far as I know, and as far as I remember, nothing in this page does anything with Cookies.

2011/04/19

The Down Side to HTTPS Everywhere

HTTPS Everywhere is a project of the Electronic Frontiers Foundation (EFF) that seeks to encourage the use of encryption on the web, including a Firefox Add-On that changes links to HTTPS for sites such as Twitter and Facebook. I've mentioned this before, and I still think it's a great idea.

Google has released an encrypted site, https://encrypted.google.com/, where your queries and responses are protected by encryption. But they don't support it for Images and Map queries. And I think I know why.

A browser can only have n connections to a website at one time. I think that's generally eight. This means that, if you have an image-heavy site, such as Google Image Search, you can only serve the page, the Javascript, the favicon, and five images, and you have to wait until that's done before you can start working on images six through thirteen, and you need to have all the images there before you can render. The trick is to have a Content Delivery Network (CDN), or a bunch of other servers to serve the images. That way, you can download eight at a time from each node and get 'em as fast as the network will let you.

But, if you have an HTTPS-served page, the browser considers everything not coming from that server as a potential breach, as well it should. This means that CDN is a huge problem. That, I think, is why Google isn't using HTTPS Everywhere.