All of balthisar.com is available via HTTPS, finally. Although the website is entirely static (built with Middleman), and there are no forms that can be hacked, the switch to HTTPS does offer a couple of safety advantages to you, the user:
- Browsers are increasingly flagging HTTP websites as non-safe, so this change will let browsers know that there's a real identity behind balthisar.com.
- You are protected from man in the middle attacks, meaning that it will be impossible for some malicious actor to pretend to be balthisar.com.
- Users of the website-distributed version of Balthisar Tidy will soon perform software update checks via HTTPS instead of HTTP. Currently it has a special flag which tells macOS to allow HTTP access against Apple’s better judgment. As Apple increasingly tightens security, this loophole will eventually go away. And besides, HTTPS prevents man in the middle attacks via the Sparkle update engine.
So, if you want to see your browser’s warning icon go away whenever you visit, starting using https://www.balthisar.com from now on!