The Internet Archive has extended our reader privacy protections by making the site encrypted by default. Visitors to archive.org and openlibrary.org will https unless they try to use http.
For several years, the Internet Archive has tried to avoid keeping Internet Protocol (IP) addresses of our readers. Web servers and other software that interacts with web users record IP addresses in their logs by default which leaves a record that makes it possible to reconstruct who looked at what. The web servers on Archive.org and OpenLibrary.org were modified to take the IP addresses, and encrypt them with a key that changes each day making it very difficult to reconstruct any users behavior. This approach still allows us to know how many people have used our services (now over 3 million a day!) but not to know who is who or where readers are coming from. For those that are uploading or writing to our services we do keep some IP address for a short period to help us battle spam. For books that are checked out from our Open Library service, we record which patron has checked out the book but not the IP address of their computer.
Today we are going further than this. Based on the revelations of bulk interception of web traffic as it goes over the Internet, we are now protecting the reading behavior as it transits over the Internet by encrypting the reader’s choices of webpages all the way from their browser to our website. We have done this by implementing the encrypted web protocol standard, https, and making it the default. It is still possible to retrieve files via http to help with backward compatibility, but most users will soon be using the secure protocol.
Users of the Wayback Machine, similarly will use the secure version by default, but can use the http version which will help playback some complicated webpages.