Is your radio station website HTTPS? And should you care?

Radio Tomorrow with James Cridland

Occasionally, this column goes deep into tech, and this is one of those weeks. Apologies in advance, but I think it’s worth it.

Sitting in a coffee shop a few years ago, I was working on a website of mine. Looking at the website, I saw the ads looked a little different. Hmm, I thought. I wonder why.

It turned out that the coffee shop’s wifi was replacing the normal ad code that you see on websites with its own. So that it got the money, instead of my website. I wasn’t particularly impressed. But then I remembered that it wasn’t the first time I’d seen that – I’ve seen this in hotels, too, and even while using some mobile phone networks.

With an HTTP website, everything is transmitted in the clear. Your internet provider can see exactly what you’re doing. So can the coffee shop wifi. They can change it, too – changing the ad code, in this example. They could do rather worse – injecting pornography into images, or replacing every mention of “Donald Trump” with “the Dumb Cheeto”. Users are unlikely to realise that it’s not your website, but some malicious code elsewhere.

It’s worse still. If you’re asking your listeners to contact you through the website, that means other people can see, and change, what they’re sending you – their names, their email addresses, all that stuff. Radio stations can be targeted – and, indeed, have – for their large amount of public interaction.

The way to fix this is to move from an HTTP website to an HTTPS one. You’ll spot that an HTTPS one has a padlock in the address bar, and probably says “Secure”. All the best sites are – your bank, Amazon, and which is a fine read for insomniacs everywhere.

If you don’t think anyone cares, then you’re in for a shock: in July, Google Chrome will be telling your visitors – with a big red warning sign – that your HTTP website is insecure. It’s already doing it if you’re asking for personal information.

(That’s the stick – the carrot, if it helps, is that HTTPS websites are given a little boost by Google in the search results).

This isn’t just going to affect the little guys. Testing this week, in New York NY, 1010WINS and WFAN, WBLS, WCBS-FM and WCBS-AM, La Mega, and Hot 97 are all insecure, HTTP websites. 7 out of the 12 top-rated stations.

In Sydney, 6 websites fail the test out of the top 12: KIIS, WSFM, ABC Radio Sydney, triplej, 2CH, and ABC Classic FM.

London fares a little better, with just 5 out of the top 12: LBC, Capital, Classic FM, Heart and Smooth are all insecure, HTTP websites, all owned by Global (who, one assumes, will fix this shortly).

In the Netherlands, only three of the top 12 fail the test – Sky Radio, Q Music, and Radio Veronica.

Going HTTPS isn’t the easiest thing to do, but it’s important to do before July. Your audience expects you to be good with their personal information, and certainly won’t expect your website being flagged up as “insecure”: or will be confused as to why, all of a sudden you’re just talking about a US politician called the Dumb Cheeto.

Note: radioinfo is an HTTPS site.


About The Author

James Cridland, the radio futurologist, is a conference speaker, writer and consultant. He runs the media information website and helps organise the yearly Next Radio conference. He also publishes, a daily briefing on podcasting and on-demand, and writes a weekly international radio trends newsletter, at

Contact James at [email protected] or @jamescridland