HTTPS rollout
Apr. 8th 2016 | by Stefan Schuster
Two days ago we've started to optionally enable HTTPS for all of Mind42. This means that you can use Mind42 with HTTPS now, but it's not yet enforced. Please report any problems you may encounter to us. If Everything works out we'll completely switch to HTTPS soon.
Background information: Mind42 started back in 2007 as a small web-service. It has been a different time, and getting a certificate, setting everything up and so on, honestly, just wasn't that important. In 2012 we've introduced HTTPS encrypted connections on all pages where sensitive data (passwords) was transmitted. That meant the sign up, sign in and user settings pages. So we had HTTPS set up, but forced the user to return to HTTP once logged in - which some users understandably criticized. Now this has changed. While we are not yet enforcing a redirect to HTTPS, we are no longer enforcing the redirect back to HTTP. This will suite a lot of users, and we can gather some experiences whether this will break stuff or not.
Nowadays HTTPS definitely should be a matter of course. Historically (and partially still today) some things prevented us from switching to HTTPS. Some years ago the ads have been one reason for example. Google did only start to serve ads over HTTPS back then, and if we would have used that, revenue would have been too low. Ads are the only way Mind42 is financed (besides the payed option to remove the ads) - so that was important to us. Another problem is the "mixed content warning". When integrating images into mind maps, they get included directly from the web and are not proxied through our servers. So this means that you could include HTTP images in a HTTPS mind map. This may causes some warnings - but that's the reason why we are going through a test phase right now.
In the end it's clear. We have to switch to HTTPS. That's state of the art - everything else would be careless. And we're happy to finally offer this to our users.