We'll see if the next president loves all kinds of encryption as much as we do, but we should expect her, or him, to at least encrypt their own site. After all, even the White House is pushing for all government sites to be encrypted by default.Paul Schreiber, a senior web developer at political and data site FiveThirtyEight, did exactly that, and examined and compared the security and configuration of the four candidates' websites."So, you want to run a country. Can you hire someone who can run a website?" he wrote, adding that nowadays, the most important thing to look at in a site is its security, or, more specifically, whether it's encrypted with HTTPS or not.Switching a website to HTTPS consists of putting a layer of protection of top of regular HTTP traffic, which is all in the open and vulnerable to snoops. To do that webmasters use Transport Layer Security (TLS) or the older Secure Sockets Layer (SSL). Other than adding a simple "S" at the end of the URL, a website that's encrypted makes every connection to it more secure and private.
"The next president must know that internet security for them—and for users—is non-negotiable."
Their sites not only supports HTTPS, but are encrypted by default, meaning they force all visitors to the encrypted HTTPS version.Rand Paul, this year's most vocal anti-surveillance candidate (he's even selling anti-NSA webcam stickers and accepts Bitcoin for donations) actually doesn't have HTTPS by default enabled. If you type randpaul.com, you go to the the unencrypted site.Ted Cruz's site has the same issue, with the added minus that if you try to visit https://tedcruz.org (without the www. at the beginning of the URL) you get a 404. Another sign that Ted Cruz isn't very good at this new thing called the internet."I was curious to see how presidential candidates fared: did their sites meet current best practices for website development?" Schreiber told Motherboard. "Sadly, when it comes to HTTPS, most did not."Supporters of encryption are applauding Schreiber's project."I love this post, and I'm really happy we're in a place where presidential candidates get evaluated on their tech and privacy stack," Eric Mill, a technologist at 18F, told Motherboard.Mill, who's been pushing for more web encryption across the internet, added that Schreiber's doesn't take into account other factors related to privacy, such as how many third parties trackers a website contains. In the case of hillaryclinton.com, it's a whopping 18, according to Mill's own quick analysis. (He still has to look at other candidates sites).
Hillary Clinton and Marco Rubio are the frontrunners for the privacy-minded geek vote.
And this is not just a trivial, geeky effort. Mill explained that "since campaign staff often become governing staff, it's also quite reasonable to use it as evidence of how they'd manage tech if elected."And while this, as Schreiber put it, is "only a small piece of the puzzle," keep it in mind when you head to the polls next year.
"Since campaign staff often become governing staff, it's also quite reasonable to use it as evidence of how they'd manage tech if elected."