Paul Moreno | Pinterest security engineering lead, Cloud
Pinner safety is a top priority for us, and so earlier this year we joined the growing list of websites that are fully HTTPS. As we build trust with Pinners, it significantly improves security in one fell swoop. Migrating to HTTPS presented a number of expected — and unexpected — engineering challenges, starting with finding the right CDN provider partner.
We identified and mitigated many technical challenges in the discovery process of the migration. One of the biggest challenges was working with our CDN providers, which support HTTPS and our certificates. We also knew that CDN image distribution over HTTPS can potentially cost significantly more. Other technical challenges included:
- Surfacing hard coded HTTP URLs and functions in source files
- Performance impact
- Older browser support
- Referral header removal from HTTPS to HTTP sites
- Mixed content warnings (broken lock in browser bar)
Once we felt comfortable enough to start testing, we launched a test in the UK where we have an active Pinner community. Our tests showed there was an insignificant impact on SEO and little effect on any one browser. It wasn’t until we cast a larger net to a percentage of our global audience did we see the following other challenges:
- Missed CDN content that broke the Pin It button for several hours
- Not all sitemap files were updated to point to HTTPS domains
- An unknown Safari issue
Although we anticipated a number of challenges, we were able to tackle those unexpected ones with a lean and fast-moving team. Here’s how we did it:
- Broken “Pin It” button. We were able to quickly mitigate by a swift DNS change to a new CDN provider.
- Referral header remover issues. We used a meta referrer header to support HTTPS tracking to HTTP sites.
- Unknown Safari issue. Our UK experiment provided data that showed a small percentage of users had problems logging in after the migration. We pinpointed this to Safari users, which allowed us to start investigating the root cause.
In addition, having multiple CDN providers that supported HTTPS gave us options for performance as well as commercial leverage.
In the end, we enhanced the privacy of Pinners by enabling encryption while also hindering exploitation by way of man-in-the-middle attacks, session hijacking, content injection, etc. This also paved the way for future products that may require HTTPS to launch. Finally, the move to HTTPS resulted in a 10 percent (max) increase in signups a day, because we were able to remove the redirect flow from HTTP to the HTTPS signup page.
We will continue our journey towards HTTPS with further enhancements including HTTP Strict Transport Security (HSTS), which will prevent SSL stripping. We also plan to work with Chromium to preload our domain to prevent SSL stripping on a user’s first visit to Pinterest.
Introducing our paid bug bounty program
Prior to the HTTPS migration, we were hesitant to open a paid bug bounty program because of a number of known vulnerabilities associated with being only HTTP. Now that a number of gaps have been closed as a result of the migration, we’re happy to announce that we’ve upgraded the program with payouts results, with a 10x increase in reports since launching the paid program. We highly encourage the whitehat hacker community to use our program and report bugs, which helps us keep Pinners safe and increase our security posture.
If you’re interested in working on security engineering challenges like this, join our team!
Paul Moreno is the security engineering lead on the Cloud team.
Migrating to HTTPS wasn’t a smooth process. It took several members of various teams to pull off, and there were a number of moving parts. Special thanks to engineers Amine Kamel, Chris Danford, Danilo Stefanovic and Anna Majkowska for their hard work making Pinterest a safer place.