WordPress.com to Implement SSL for All Subdomains, Joins the Fight Against Mass Surveillance


Today Automattic joins Google, Mozilla, Twitter, Reddit, and other companies across the web in announcing its support for the Reset the Net campaign against mass surveillance, which takes place on the internet today.

Because the NSA continues to exploit weak links in internet security in order to spy on the world, the only way for companies to fight back is to build better security into their products. The campaign encourages citizens to commit to using apps that protect their devices from prying government eyes.

In an effort that goes far beyond simply displaying a banner, Automattic announced that it will be implementing SSL for all *.wordpress.com subdomains by the end of the year. Paul Sieminski, General Counsel for Automattic, reaffirmed the company’s commitment to secure the connection between users and WordPress.com websites:

“If we’ve learned anything over the past year, it’s that encryption, when done correctly, works. If we properly encrypt our sites and devices, we can make mass surveillance much more difficult.”

As of May this year, 409 million people view more than 14.5 billion pages each month on the WordPress.com network, which includes Jetpack-enabled self-hosted sites. By the end of the year, SSL will be in place for anyone viewing a site hosted on WordPress.com. It’s important to note that SSL is already forced for WordPress.com admin areas.

If you want to join in this historic push to secure the web, visit Reset the Net to learn about specific ways that you can protect yourself and others to make mass government surveillance more difficult. Self-hosted WordPress sites can join in the campaign with the Reset the Net splash screen plugin, available for free on WordPress.org.

11 Comments


  1. Awesome to see Automattic fighting back again.

    It’s stuff like this that makes me proud to be in the WordPress community.



  2. Hmm, it seems a valiant effort on the part of WordPress, but with the vast resources the NSA and others have, it is not like they cannot come up with another way to do what they want.



  3. Great, disable Gravatar while you’re at it as well. Stop spying on WP users yourself =)
    Though it's funny, government should not spy, but it's ok if private companies do it ;).



    1. Automattic can’t avoid the ability to spy on its own customers. That’s just the nature of hosting websites.



      1. Gravatar is not part of the hosting part; it's a separate service with a crappy privacy policy. Gravatar is integrated into WP core and probably violates the privacy laws in a bunch of countries.



      2. Most people don’t choose to interact with their services. They are unwillingly forced into them due to the nature of Gravatar. The privacy policy does not apply to those thousands of WP installs that have Gravatar enabled, since no one on those sites knows about it and the WP core team refuses to disclose anything about it to the end user by default. Automattic can also basically do whatever they want with the data. They are very vague in who they can give data to. From my non-legal reading of the policy. But you can find extensive discussions on the subject online.
        http://meta.stackexchange.com/questions/44717/is-gravatar-a-privacy-risk
        http://meta.stackexchange.com/questions/4553/can-we-use-non-gravatar-avatars/5658#5658

        On the Gravatar website they write:
        “The way gravatar requests are structured, your email address is encrypted before transmission. Your email address cannot be harvested from gravatar enabled sites due to gravatar requests.”
        Which is a flat out lie and they know it. They basically lie to the face of their users.
        http://torquemag.io/if-you-wouldnt-say-it-in-person-would-you-say-it-online/

        But oh well, no one in the higher echelon of the WP community gives a damn about privacy anyway, since Automattic probably makes money off the data it collects from forced opt-in users.

        PS
        There ain't even a disclosure of the use of Gravatar on this site. No privacy policy anywhere. Understandable when Jeff alone ran the show. But now with Matt owning it, it's odd that Matt doesn’t value transparency and disclosure.



      3. Yes, WordPress itself should obviously be better at that, but that’s unrelated to Automattic, since they don’t control the WordPress.org approach to privacy.



      4. Aubrey Capitol/Automattic controls WP, it's a known fact. Nacin is chief lead dev and Matt owns him, Aubrey capital or whatever. There is no real difference. Automattic/Aubrey Capital/Matt controls WP. To say it's not about Automattic etc. is precisely what is very wrong with the WP community. The power concentration is very high. Nacin, Boren, Ozz, Westwood all lead devs, all employed by Matt through Aubrey or Automattic. Only Jaquith is lone gunner, but I feel he is very entrenched with the rest anyway.

        You can see prominent WP core devs give the finger to the end users in this ticket. https://core.trac.wordpress.org/ticket/14682
        Aubrey Capitol and Automattic employees voting against fixing the issue. So it's indeed a problem with Automattic/Aubrey Capitol influence on the development of WP core; to say otherwise is to put one's head in the sand, cover one's ears and sing lalalalaa.

