Secure web gets push from Wikipedia switch to HTTPS and Apple iOS 9 recommendation

The slow progression towards a more secure internet continues, with Wikimedia sites soon to use HTTPS for all traffic, while Apple recommends that all new apps use TLS connections.

One of the largest collections of websites on the internet is making the switch to encrypt all of its traffic, with Wikimedia, the body behind Wikipedia, announcing that it will move to HTTPS for all of its traffic.

Wikimedia also said that it will make use of HTTP Strict Transport Security to ensure that any Transport Layer Security (TLS) cannot be downgraded to a lower level of encryption, as has occurred in recent SSL attacks including Logjam and FREAK.

"Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams," Wikimedia said in a blog post.

"In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world."

The switch to HTTPS transport has been worked on for years, Wikimedia said, and although the set-up has been heavily tested, it admits that the move could be detrimental for some of its users.

"Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks," it said.

During its Worldwide Developers Conference (WWDC) last week, in among the features announced by Apple for iOS 9, the company unveiled App Transport Security (ATS) to allow an app to specify which domains it needs to communicate with over HTTPS, and encouraged all iOS developers to use it.

"If you're developing a new app, you should use HTTPS exclusively," Apple's note on ATS said. "If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible."

Last week, the US White House mandated that all US federal websites use HTTPS encryption by the end of 2016.

Browser maker Mozilla said in May that it wanted to phase out non-secure HTTP, and plans to do so by only allowing new features on HTTPS websites.