During the last week of rioting across the UK 8 riot vans were called out to quel the unrest just around the corner from where I live. With scenes of chaos and destruction filling the airwaves and clogging up twitter I begun thinking: Are your scrapers safe from looters? We don’t stock trainers or flat-screen TVs, but data is much more valuable. And we want to keep it safe.
Remember the furore over Firesheep? It made it easy to hack into other people’s Facebook accounts from Internet cafes. That’s just one example of why it is important that all traffic between a web application and the browser is encrypted. So we’re setting up our digger with an alarm system and steering lock.
We’ve just rolled out secure HTTP across ScraperWiki. You now have to access the website, APIs and views using https:// URLs. You will be able to tell from the corner of your browser, for example on Chrome it looks green with a padlock like this.
Let us know if you have any problems with the new setup – particularly from tools that use the API. We’ve set up redirects and done some testing, so everything should be fine. But there are sure to be niggles – do tell us.
P.S. This is all in preparation towards making private scrapers more generally available.