EL PAÍS protects its online readers with secure navigation system

Aside from ensuring data protection, the introduction of this new security protocol will protect EL PAÍS readers from external fraud and ensure privacy. Internet service providers will no longer be able to collect information about which EL PAÍS pages their users visit, meaning anonymity will be ensured when it comes to visits to articles that could reveal information about a person’s political or religious beliefs or sexual orientation, as well as other personal details.

The issue of security is one of the chief concerns at Google, whose browser, Chrome, is the most popular in the world: it has a 32% share of the market according to research firm Net Market Share. In September 2016, the tech giant announced it would mark as “not secure” all pages that did not use the HTTPS protocol with a red warning sign.

When you load a website, someone else can look at or modify it before it gets to you

Emily Schechter, Google security team

“When you load a website over [the less secure] HTTP [protocol], someone else on the network can look at or modify the site before it gets to you,” warned Emily Schechter, who is from Google’s security team.

A recent study by online security company Redalia gave Spain’s public institutions, political parties and media companies a failing grade in terms of the introduction of HTTPS. In fact, apart from huge sites such as Google, Facebook, Amazon, Yahoo, Twitter, Instagram and Wikipedia, EL PAÍS is, as of today, the only major Spanish media outlet using the protocol.

According to Redalia, all of Spain’s media outlets – apart from EL PAÍS – will in future be marked insecure given that they contain user-registration sections where passwords are collected.

The HTTPS protocol came into being two decades ago to provide additional security for online financial transactions and for the sending of sensitive information via email within government departments and companies. The delay in general uptake – use of the protocol has only become widespread this decade – comes down to the fact that 20 years ago, most servers lacked the speed and processing power needed to encrypt and decrypt data.

For EL PAÍS, the use of the HTTPS protocol is crucial in ensuring that third parties do not alter site content before it reaches users – something that could facilitate the publication of so-called “fake news.” These attacks are known as man-in-the-middle (MITM) attacks, which are also used for the creation of fake pages that are used to steal user names, passwords or credit card numbers.

In rolling out its HTTPS version, EL PAÍS is following the recommendations of the Press Freedom Foundation

In rolling out its HTTPS version, EL PAÍS is following the recommendations of the Press Freedom Foundation (FLIP), which in December 2016 launched an initiative to promote the adoption of the protocol on the part of media companies worldwide. Of the 125 media outlets surveyed, only 29% had adopted this security measure, and only 14% of those had this protocol as their default setting. One of the organizations’ principal warnings was related to censorship. “Unencrypted HTTP traffic is easier to filter and block, making the censorship of articles, subjects, authors or media outlets on the part of authoritarian governments easier,” the foundations said.

The EL PAÍS technical team has spent the last nine months preparing for the switch to HTTPS with the protocol also being applied to millions of articles from the archive. All registration data provided by EL PAÍS users has been protected since the digital edition of the newspaper was first launched.

English version by George Mills.