Improved security with HTTPS

Improved security with HTTPS

More and more modern web services are implementing HTTPS to improve the security of their web sites. Google even announced it is going to promote websites using HTTPS in its search results. That and the fact quite some start.me users have been asking about HTTPS support made us decide to finally take the leap. From now on start.me will use HTTPS.

What does this mean for you?

First and foremost this means extra security. We already had quite some measures in place to keep your data safe. By encrypting the connection between your browser and our servers, we can now guarantee nobody will be eavesdropping, which was a remote possibility we could thusfar not prevent. That means a major boost for your privacy!

Your browser will show you some sort of indicator to tell you the connection is secure. In Google Chrome, for instance, you will see a green padlock in the address bar. Furthermore, you will notice the address now starts with ‘https‘.

Shorter URLs

As part of the migration, we decided to shorten the address of our service. In the past we had been using ‘http://www.start.me’ as the address. To save you some typing and conform with the standard set by such examples as Twitter and Trello, we removed the ‘www’ part and now simple go with ‘https://start.me’. Easier to remember!

This does not mean you have to change anything. If you use the long www-address, that is fine: it will automatically be converted to the shorter version. So all existing links will keep working!

Problems?

Although we tested everything thoroughly and ran a small scale beta test for some time, we do realize this change may cause some problems we may not have foreseen. If you experience any issues or have questions about the level of security we now provide, please contact us!

Michiel de Wit

Michiel de Wit

Michiel is CGO and co-founder of start.me. He is a software professional with a lot of experience in developing enterprise grade web applications. He is a certified Scrum Master and a great proponent of modern software development practices.


(It's free and will only take a minute)

18 Replies to “Improved security with HTTPS”

  1. i really like your homepage efforts. i use your service all day. just a comment, i do prefer the yahoo style where the headline is a different color than the body text, which might be a nice option. keep up the good work!

    rich

    1. Sorry to hear that Stephen. We realize that this is frustrating. Unfortunately browsers do not support embedding HTML pages over HTTP on a HTTPS site, so there is nothing we can do about this.

      Feel free to contact us at support@start.me with specific requests for widgets. We might be able to find a suitable replacement for the ones that are no longer working.

  2. For some reason my bookmark app – Add to Startme – quit working. It pops up with all the information but when I press SAVE nothing happens. I love Startme and use it all day long.

    1. Hi Dennis,

      Do you use Firefox? At the moment the Firefox add-on (save action) isn’t working. This is a known bug to us and we’re working on a fix. Let me know if you use a different browser.

      Best regards,
      Luuk
      start.me

  3. This is great news to hear!! Now when I start up Pale Moon, It’s directly to your secured homepage! Nice work you guys! Also thanks for the integration with Pale Moon! 🙂

  4. I have just started to use “Start.Me”, I have set it up on my home PC.
    Is it possible to duplicate/sycronise this page to , say, my office computer and tablet?

    Thanks

    1. You don’t actually need to duplicate or synchronize. You can just log in to start.me on your home PC. This will give you access to all your pages instantly!

  5. On subsequent requests, even it the connection uses HTTP, HSTS forces the browser to use HTTPS for connecting to a particular website instead of HTTP. Most examples use the following to implement HSTS, which does not follow the RFC.

    1. We made some improvements to the way the Embed widget handles insecure content. This means insecure content should work more often. Some browsers may still block insecure scripts, breaking your content. In Chrome this can be remedied by clicking the Shield icon that appears in the address bar and selecting ‘Load unsafe scripts’.

  6. It’s a shame that you force https, when you can set it so that you can use either. As it is, I can’t even embed my own website (it has absolutely no adverts on and makes no money, and it doesn’t sell anything so I don’t plan on wasting money on an ssl certificate that it doesn’t really need).

    One of my other sites is actually just a simple blog using blogger, but because it has a custom domain I can’t use https anyway, so it sort of screws people who actually don’t need and/or can’t use https over.

    1. We agree that HTTPS causes issues with the Embed-widget. We implemented a transparent proxy is used to draw in content from non-HTTPS sources. That should work to embed HTTP-content. If it doesn’t work, please contact our support at support@start.me. They should be able to help you out.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our blog via email

If you want to stay up-to-date, enter your email address below. You will receive notifications of new posts by email.

Subscribe to our blog ➔