Tumblr blog owners can encrypt all visits to their sites, as long as they opt in. Why didn't Yahoo just make SSL the default setting? February 3, 2014 4:12 PM PST Tumblr comes close to universal SSL, but chooses instead to go for opt-in encryption. (Credit: Screenshot by Seth Rosenblatt/CNET) Tumblr has begun to catch up with modern security standards by activating SSL on Monday. There's a catch, though: you have to enable SSL on Tumblr manually. If you're not familiar, Secure Sockets Layer, or SSL, allows for the data being transmitted from the Tumblr server to your computer to be encrypted. SSL decreases the likelihood of casually eavesdropping on people who visit sites with it enabled. Related stories: Tumblr pulls a Twitter, adds mentions Tumblr experienced extended outage Hilarious SFFworthy makes Upworthy headlines geektastic Sorry Neil Gaiman fans, he's taking a Twitter break Fake Nerd Guys: We're on to you, geek wannabes! Tumblr owners can go in to their Tumblr account settings dashboard and manually turn on SSL. Conrad Rushing, Tumblr's director of security engineering who wrote the blog post announcing the new feature, even said that there's no reason that Tumblr owners shouldn't enable SSL. "It doesn't change anything about the dashboard, it just encrypts your connection to it," he wrote. "We've been using it for weeks and haven't even noticed." While Tumblr is to be applauded for giving its blog owners the option to increase the privacy of both themselves and their visitors, a question remains: Why didn't Tumblr just turn on the feature by default for all connections to Tumblr? By enabling SSL for all site traffic, Tumblr would be doing its users and their visitors a small but privacy-forward favor. Tumblr did not immediately respond to a request for comment. CNET will update this story when we hear back from them.
Tumblr blog owners can encrypt all visits to their sites, as long as they opt in. Why didn't Yahoo just make SSL the default setting?
Tumblr comes close to universal SSL, but chooses instead to go for opt-in encryption.
(Credit: Screenshot by Seth Rosenblatt/CNET)
Tumblr has begun to catch up with modern security standards by activating SSL on Monday. There's a catch, though: you have to enable SSL on Tumblr manually.
If you're not familiar, Secure Sockets Layer, or SSL, allows for the data being transmitted from the Tumblr server to your computer to be encrypted. SSL decreases the likelihood of casually eavesdropping on people who visit sites with it enabled.
Related stories:
- Tumblr pulls a Twitter, adds mentions
- Tumblr experienced extended outage
- Hilarious SFFworthy makes Upworthy headlines geektastic
- Sorry Neil Gaiman fans, he's taking a Twitter break
- Fake Nerd Guys: We're on to you, geek wannabes!
Tumblr owners can go in to their Tumblr account settings dashboard and manually turn on SSL. Conrad Rushing, Tumblr's director of security engineering who wrote the blog post announcing the new feature, even said that there's no reason that Tumblr owners shouldn't enable SSL.
"It doesn't change anything about the dashboard, it just encrypts your connection to it," he wrote. "We've been using it for weeks and haven't even noticed."
While Tumblr is to be applauded for giving its blog owners the option to increase the privacy of both themselves and their visitors, a question remains: Why didn't Tumblr just turn on the feature by default for all connections to Tumblr? By enabling SSL for all site traffic, Tumblr would be doing its users and their visitors a small but privacy-forward favor.
Tumblr did not immediately respond to a request for comment. CNET will update this story when we hear back from them.
