ArtSites Updates

Some of you may have recently gotten a "This Connection Is Not Private" or similar message when trying to reach your ArtSites website.  This should only be happening to people using fairly old computers that haven't been updated to use the latest software.

Here is what is happening:

Your connection to most websites now is protected with what is known as a certificate.  This certificate assures your web browser that you have reached the website that is shown in your web browser's address bar (URL bar) and that all communications between you and that website are not visible to anyone else and cannot be modified.

These certificates have an expiry date that is designed to force both ends of the connection (website and web browser) to be updated from time to time and to make sure that they are not using communications technology that is no longer secure.

All websites get their certificates from a certificate authority and have to renew them from time to time to make sure that they are not using an expired certificate.  Until a few years ago, this process was complicated, time-consuming and fairly expensive.  So most websites didn't use certificates.  

For an artist's website, it really wasn't all that important.  In most cases, there is no need to keep any information hidden as would be the case for a bank.  A few years ago, Google decided that all websites should use secure connections.  The main advantage was that visitors to your website could not be spied upon by intermediaries on the internet such as governments and ISP, etc.  Those same intermediaries also could not change or inject information into the content.  Some ISPs were known to inject ads into the websites that their customers viewed.  So now it is an expectation that all websites use secure connections and any websites that don't do this will end up being labelled as "insecure" or "not private".

At around the same time as Google was trying to force all websites to use secure connections, a non-profit was formed, called Let's Encrypt, whose goal was to streamline the process of adding and managing certificates for websites.  This was a great solution to any website hosting provider such as ArtSites that allowed them to automate the process of creating and updating certificates for the websites that they managed.  ArtSites quickly adopted this technology as did most of the other services that allowed people to easily create websites.

Back to what has changed to cause some visitors to some websites to see websites as "insecure" or "not private".  A certificate does not stand by itself.  There is what is called a "certificate chain of trust".  A certificate from one website is trusted because it is digitally signed by another certificate.  That certificate is trusted because it is signed by yet another certificate.  This goes on until you reach a "root certificate".  Those root certificate are embedded in either your web browser or in your operating system and get updated in various ways.

Let's Encrypt had 2 root certificates.  One of their own and one from a third party certificate authority.  That third part's root certificate was already well established in operating systems and web browsers so the certificates that Let's Encrypt created could also be trusted by most computers and devices on the internet.  At the beginning of the day on October 1, 2021, that third party root certificate expired and only the Let's Encrypt root certificate was valid.  Any computer or device that does not include Let's Encrypt root certificate will no longer consider certificates from Let's Encrypt (i.e. those that ArtSites uses) as valid.

This change affects approximately 265 million websites.

The most adversely affected devices are Mac computers running older versions of OS X.  In fact any version of Mac OS before 10.12.1 which was released approximately 5 years ago.  So if you are using a Mac with one of these older versions (code names: El Capitan, Yosemite, Mavericks, Mountain Lion, Lion, Snow Leopard, Leopard, Tiger, etc) it's likely that you won't be able to easily access any of these websites.  OS X 12.1 supports all Macs made since mid 2010 and some iMacs and MacBooks from late 2009.  So those machines can and should be upgraded.

Other devices that are affected:

• Older iPhones or iPads that are using iOS 9 or lower.  Anyone with an iPhone 5 or higher can upgrade to at least iOS 10 and so should not be affected.
• Extremely old Android devices using versions less than 2.3.6.
• Extremely old Windows computer using Windows XP without the SP3 patch (all Windows XP systems should have the SP3 patch).

What should you do?

For ArtSites artists, we can make some adjustments to your website so you can access it without requiring the certificate.  Contact us and we will do that for you.  We won't do this for all ArtSites websites automatically because it might cause other issues for those that have relatively up to date software.

If you can upgrade your operating systems or to a newer version, I strongly suggest that you do so.  Ideally you should be using the latest version of any operating system to keep your whole computer secure and protected from malware, viruses and potentially being "hacked".

If you have a computer that is so old that it cannot be upgraded (for Macs, greater than about 11 years old, for Windows computers, greater than about 15 years old) this might be a time to consider something new, or even just "newer".