Shulou(Shulou.com)06/01 Report--

It's really a good thing, without quotation marks.

You may not have noticed that when searching with Baidu, the http in the browser's address bar has become a thing of the past, followed by a more secure https. China's largest search engine made an important decision in March 2015 to force https connections across the site. It has been a year and a half since Google did it.

It is not a unique instance, but has its counterpart. On October 14 of the same year, at the Hangzhou Yunqi Conference, Alibaba announced that his e-commerce platform had realized https of the whole station. "Alibaba has become the first e-commerce company in the world to support full-site HTTPS," the World wide Web reported. "in sharp contrast, some e-commerce sites, such as JD.com and Amazon, have only enabled https on login or transaction pages. For users, this approach is more like scratching the boot."

Careful friends may find that in the late 2015 and early 2016, in addition to Baidu and Ali, cutting-edge technology companies like Zhihu also began to turn to site-wide https connections, with a small lock icon added in front of the URL. For the average user, the lock is both familiar and unfamiliar: familiar because it is often seen on the login and transaction pages of major websites, and unfamiliar because most of the websites you visit on a daily basis are not locked.

There is no doubt that locking is for security, locking is the future trend, and locked websites are more popular with search engines. However, I never expected that in the domestic network environment, the biggest threat to security came from operators who made Internet companies dare not speak out. Tencent, Xiaomi, 360, Jinri Toutiao, Meituan Dianping and Weibo issued a joint statement calling for cracking down on traffic hijacking. Although the statement only dares to say that "certain institutions" hijack traffic, industry insiders all know who "certain institutions" are and how boldly they play hooligans.

Almost every user has encountered that a web page opened with a mobile phone is forcibly inserted into a business order menu or illegal pop-up advertisement by China Mobile or China Unicom or China Telecom, even the page opened in Wechat is doomed. These inexplicable menus and pop-up ads not only seriously affect the normal browsing experience of users, but also make users feel confused and worry that their privacy is compromised by the website they are visiting. Not everyone knows that, in fact, this content is realized by operators openly injecting their own code into other people's websites.

Industry insiders complained on the Internet, "since the second half of 2015, the traffic hijacked by operators has reached an appalling level. It is hard to believe how much of the traffic of a national well-known website has been hijacked. It is hard to believe that more than 50% of users complain that the call is because of what operators have done." Perhaps even more incredible is that an operator named this service as ipush push advertising, blatantly attracting investment and attracting advertisers.

In Zhihu's question, "Why did all the major websites use HTTPS at the end of 2015?" Below, Zhihu user he Mingke explained the difference between http and https in popular language, and also expressed the helplessness of Internet companies.

Internet companies are like Taobao merchants, operators are like couriers, and users are like buyers who need to cut their hands. And express companies are still monopolized, and there are few companies in the country to choose from. In the past, when using the http protocol, it was equivalent to the Internet company sending goods to the user, but randomly choosing a package and letting the operator distribute it to the user. For their own benefit, operators take apart the package and fill it with all kinds of advertisements. It is even possible that the user buys a book and the package is stuffed with a whole box of flyers or small cards. Maybe even this kind of card below.

Now use https protocol, Internet companies send goods to users, but this time choose a safe to send goods to users, open the password to tell users through other channels, and then let operators deliver to users. Although the cost is much higher, it is finally safe.

Several technicians from first-tier Internet companies have a similar view: operators' hooliganism is becoming more and more serious, which is the biggest driving force for domestic websites to comprehensively turn to https technology. The technology, created to protect website data, has become a counterattack by Chinese Internet companies against operators threatening website security and their own interests. At the same time, the maturity of technology and the reduction of technology realization cost have objectively promoted the popularization of https technology in the whole station.

In this way, operators have done a good thing, prompting more large and medium-sized Internet companies to make up their minds to transform the structure of their websites and build long-overdue fortifications against malicious rogue operators and possible future illegal operators.

Finally, to tell you a secret, it is said that when using traffic to surf the Internet on a mobile phone, a search for "what to do if hijacked by an operator" can be avoided, and many netizens say it is indeed effective. Why? Perhaps it is because some local operators who still have a conscience deliberately left this bug.

Http://www.evtrust.com/symantec/index.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.