Today, OpenStreetMap has enabled encryption (SSL) to all of the openstreetmap.org website, thereby enhancing the privacy of its users.
You can now browse the site at https://openstreetmap.org (note the ‘https’). This means your browsing activity is secure from snooping.
OpenStreetMap stands with the Open Rights Group and the Electronic Frontier Foundation in asserting greater Internet freedom, including the right to individual privacy. With this action providing the highest quality Free/Open Data Geographic resource to everyone.
We are proud to roll this out on the same day as the “Day We Fight Back” campaign.
Other aspects of privacy around OpenStreetMap are discussed on this wiki page.
This post is also available in: Japanese
I wonder how much it impacts tile servers performance. We’ll see with munin graphs.
Eric we tested the tile traffic over the last few days first 5% then 20% and the impact was minimal. We also upgraded the web frontends.
Nice addition to https://OpenStreetMap.org Thank you, sysadmins.
Good on you! Thank you for that!
Susan H
It’s great to see SSL/TLS on OSM
It’s a great pity you didn’t also enable Forward Secrecy at the same time.
Is there any reason why FS wasn’t enabled? Are there any plans to enabled it in the future?
https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.openstreetmap.org%2F
Forward Secrecy is enabled.
We have now enabled PFS for additional clients.
Excellent. Thank you, thank you, thank you 🙂
Great news.
I’m using the HTTPS Everywhere extension for my browser. But when i log in to OSM it doesn’t automatically redirects me to https:// as it does with other websites, any body knows why?
Apparently, a ruleset for a site needs to exist:
https://www.eff.org/https-everywhere/rulesets
Looks like the updated ruleset is already in progress here, and should be in HTTPS Everywhere once that pull request is merged (which is likely to be after the next major release):
https://github.com/EFForg/https-everywhere/pull/158
Is anyone else able to see the map? I’m not. It puts up the frame, chugs awhile as though it’s populating the viewport with tiles, and then stops. I’ve tried http and https, re-scaled up and down, but just get the same non-response response. Google maps work as per usual, so it’s not a general problem.
Please try again with all browser add-on/extensions disabled.
Now it loads. Someone must have done something to fix it, because it wasn’t loading either on this system or my laptop when I posted.
Pingback: LibraryThing Begins Using SSL Encryption on All Pages that Ask for Private Data | LJ INFOdocket
Please compare also Here maps…
http://here.com/43.4043133,39.958024,16,0,0,normal.day
:o))
Hi! this is a good news, but i had a problem accessing https://blogs.openstreetmap.org.
firefox say:
blogs.openstreetmap.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for smcdonald.vm.bytemark.co.uk (Error code: sec_error_untrusted_issuer)
there is no problem with http://blogs.openstreetmap.org.
Regards,
aury
This announcement in only for http://www.openstreetmap.org. We are gradually rolling out SSL support to additional sites. eg: taginfo.openstreetmap.org is next.
ah, ok!
thx
Thx !!!!!!!!!!!
Merci 🙂
It Works!
Err, why is THIS BLOG post software NOT accessible with HTTPS? 🙁
Because it takes time to set these thing up. See Grant’s comment above. Presumably HTTPS enthusiasts will be pleased that they’ve started with the main things first (the main OpenStreetMap.org site and map tiles)
This was already in the pipeline. Please be polite. SSL is now enabled on blog.openstreetmap.org.
Hi! On the HTTPS page, the function “Edit > Edit with Remote
Control (JOSM or Merkaartor)” doesn’t work anymore with JOSM on my
Windows 7 system.
Can anybody confirm this?
Yes it is broken and is a known issue. A poor workaround is to switch back to http:// after login.
Thank you very much for the encryption. Is there any way to redirect visitors (of the www web interface) to https? In my opinion the web interface should be encrypted by default. Due to the valid certificate this should not cause any trouble to normal users.
Once logged in you will remain in HTTPS. There are no immediate plans to redirect all site visitors to HTTPS. Consider using the https-everywhere extension once this https://github.com/EFForg/https-everywhere/pull/158 pull request has been applied.
Pingback: Weekly OSM Summary #89 | OpenStreetMap Blog
Pingback: 週間OSMサマリ #89 | OpenStreetMap Blog
Pingback: OSM – Riassunto Settimanale #89 | OpenStreetMap
Pingback: OpenStreetMap Chile » Blog Archive » Resumen Semanal OSM #89