If you take a look at our URLs when you visit WWOZ.org, you'll notice that they're all encrypted (e.g., they all begin with https:// instead of http://), even our streams.
We made the decision to switch for a number of reasons:
- It promotes internet security with bidirectional encryption and authentication; see the Wikipedia passage below.
- Apple will require encryption for iOS apps, so our streams required encryption to update our iPhone app.
- Google is encouraging an "all encrypted web" by proposing to alter its search algorithm to reward encryption, and to prominently mark unencrypted sites in search results.
A couple of other tidbits:
In its popular deployment on the internet, HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
From the Google security blog:
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.