Sites not using HTTPS

Please use this forum to ask our resident IT geeks advice.
Post Reply
User avatar
Flatline
Posts: 3449
Joined: Sat Jul 11, 2009 11:30 am
Location: Leeds

Sites not using HTTPS

Post by Flatline »

I wanted to use a neat chrome extension called "HTTPS Everywhere"

This stops you being able to go to unprotected sites

Imagine my surprise to find out that ebay is not using HTTPS

What could be the reasoning behind ebay not using HTTPS?
User avatar
Wicky
Posts: 7895
Joined: Sat Feb 11, 2006 2:43 pm
Location: Colchester Essex
Contact:

Re: Sites not using HTTPS

Post by Wicky »

Logging in and checkout in ebay are https where it's important.
It may be that your whole purpose in life is simply to serve as a warning to others.

ImageVTR Firestorm and other bikes t-shirts
User avatar
freeridenick
Posts: 1574
Joined: Fri May 23, 2014 1:30 pm
Location: Derbyshire

Re: Sites not using HTTPS

Post by freeridenick »

You can bet your house they will be soon. Google are doing their best to force all websites to go https - if you use Chrome you'll see the warnings in address bar.

https is all well and good post login but your login details are still not secure.

More important than eBay is that vtr100.org isn't https. Well, not completely. Both https and http versions are available for the www. subdomain and the root domain.
User avatar
VTRDark
Posts: 20010
Joined: Sun Mar 18, 2012 9:24 pm

Re: Sites not using HTTPS

Post by VTRDark »

And even with a secure protocol the header is still insecure so you can still be tracked and lets not forget that a secure connection is only as secure as the algorithm used and the certificate authority.

https://www.sott.net/article/275524-Why ... -you-think

https://www.eff.org/deeplinks/2011/10/h ... ttps-today

But hey having a little lock icon and https makes folk feel wrapped up in cotton wool and safe so all is good. :roll: How about sites that will happily pass your data on to third party's via the likes of cloudflare and guess who has partnered up with cloudflare.....google and we all know how much they care about our privacy. All they want is our data so they can use it and sell it to third party's like advertisers amongst many others.
https://techcrunch.com/2017/02/23/major ... -websites/

https is a step in the right direction but it's one small step for mankind :lol: If you really want to protect yourself more from your end then use a VPN through a proxy and that does not mean go and purchase some cheap VPN service from China or even within the walls of 14 eyes. You want your own VPN server or if you have to purchase a service that someone offers then make sure they use their own servers and not piggybacking off the back of someone else's network and they hold no logs and all the keys to their network. It's not perfect as there is no such thing as 100% secure but this is as good as it gets in this day and age.

I'd recommend Private Internet Access or VyprVPN if one hasn't the means to set up their own and wants a mainstream service.

As for the other end tread carefully.

https://arstechnica.com/security/2016/0 ... -security/
==============================Enter the Darkside
zakisbak
Posts: 77
Joined: Fri Jul 16, 2021 9:56 am
Location: London

Re: Sites not using HTTPS

Post by zakisbak »

I thought HTTPS Everywhere made all sites https?
When I log in here,it's not https,my browser flags this up,I turn on HTTPS Everywhere and the site then appears with the https prefix ....
Post Reply