[Cryptography] nytimes.com switches to https

[John Denker]

Quoting from:
 https://open.blogs.nytimes.com/2017/01/10/https-on-nytimes-com/

> We are thrilled to announce that we have begun to enable HTTPS on
> NYTimes.com, an effort that helps protect the privacy of our readers
> and ensures the authenticity of our content.

This is new for them, and unusual in the industry.

++ washingtonpost.com enabled https a couple of years ago.
++ theintercept.com and its parent firstlook.org have used https
     since their inception a couple of years ago.
++ theguardian.com started using https within the past year
++ buzzfeed.com started using https within the past year

All of the above (including NYT) redirect http to https, so you get
it even if you don't explicitly ask for it.

More-or-less everybody else seems not to care.
-- npr.org has an invalid certificate
-- wsj.com has an invalid certificate
-- mcclatchydc.com has an invalid certificate
-- pbs.org redirects https to http
-- bbc.com redirects https to http
-- motherjones.com redirects https to http
-- mercurynews.com redirects https to http
-- latimes.com doesn't respond at all on port 443
-- etc. etc. etc.

===========================================

> We are thrilled to announce that we have begun to enable HTTPS on
> NYTimes.com, an effort that helps protect the privacy of our readers
> and ensures the authenticity of our content.

Ha ha ha, very funny joke.

Have those guys never heard of traffic analysis?  Https does not conceal
the length of the article, nor the pattern of included images.  Therefore
all the opposition has to do is crawl the site once in a while, and they
know what everybody is reading.

Here's one of my favorite maxims:
   Metadata is data.
   Stealing metadata is stealing.
   A cryptosystem that leaks metadata is a cryptosystem that leaks.