Announcement: CCDBR Website is Now Encrypted!

Posted on September 1, 2017

Beginning today, the website for the Chicago Committee to Defend the Bill of Rights, ccdbr.org, is now secured with SSL/TLS encryption. Connections to the website from all modern desktop and mobile web browsers will now automatically enable an encrypted connection using 128-bit AES and Elliptic Curve Diffie-Hellman handshakes, and certified by a Let’s Encrypt X3 certificate. As a result, the URL should now read https://ccdbr.org, and your browser should display detailed connection information on the left side of the URL navigation bar. 

Encrypted web connections offer significant digital privacy protections to internet users, and as a committed defender of civil liberties, CCDBR believes in extending and advocating these protections to its readers and supporters. The primary benefit encryption confers on users is the ability for their precise browsing and reading habits to remain private. Without encryption, anyone intercepting the connection between the user and the site’s web server would be able to identify every individual page of a website that a user accesses, including exactly which articles they read and how long they view each one. But with a secure connection, anyone with such a “man-in-the-middle” position would only be aware that the user is somewhere on a given website, but not which page of the site they are accessing. Not only does this ensure the privacy of connections on networks that are particularly vulnerable, such as cafe hotspots and hotel networks, but it also significantly degrades the quality of information that an ISP can collect on users who browse these pages. 

Another critical safeguard afforded by encryption is the integrity of information sent to and from the site. By obscuring the contents of a webpage until they reach the user’s browser, the user can be sure that information was not altered in transit in order to transmit false information, or even malicious instructions for the browser to run. This also extends to data sent in the other direction, from users to the site, such as email subscription requests or contact form submissions. 

CCDBR is still refining the settings of its encrypted connection, so some sub-elements of pages on the site are not yet encrypted, but the bulk of the site will now be delivered via an encrypted connection, and we are continually striving to improve the security of the site for all of our users. These new protections encompass the most sensitive pieces of browsing data such as the exact page of the site browsers access, the vast majority of all page content displayed in the browser, and all information submitted by users to the site. Encryption has now become an indispensable part of modern internet usage, and CCDBR is proud to lead by example in this regard.