I am wondering if there is any consideration being given to the idea of moving to a more secure HTTPS connection for EC. Given the concerns about privacy and security, it seems like this would be a good idea.
Hi, Yes, it is part of the plan for the transition to the new platform, which is getting closer and will probably happen within the next 3 months or so.
Thanks, Chip. I'm glad to see this is already considered. I'd urge EC to consider HTTPS even if the new platform gets delayed... I don't know all the technical details and EC resource realities. But I do know I'm very concerned about Internet privacy in general given Internet realities in the US. (Yes, I'm thinking of the vote last week here...)
The difference will be completely transparent to users. Most of the web is transitioning to https, as Google is now downrating sites in search results that don't use it.
I noticed more & more sites are going HTTPS Its also resulting in more sites that become inaccessible for me.
The problem with HTTP connections is that they are less secure. I am cringing right now, because I accessed EC all the time from a home computer, and presumably my ISP knows that. God knows how much they know, and how much they will sell that info for. Not to mention who will buy the info. Admittedly, HTTPS is probably not perfect--they could probably tell that I'm connected to a LGBT site. But the details of what I'm doing, at least, would remain private.
Yep, they can still tell that you connected to 'emptyclosets.com' (or whatever site you go to). But if its a 'secure' site they can't see what you actually looked at. -------- Main problem I have with HTTPS is: For some sites it works fine, (as Chip said completely transparent to users). But others it results in an error of "Transfer Interrupted" (it IS related to the HTTPS, not a connection issue) And others an error of something along the line of "This site uses a security protocol which isn't enabled" (I don't have any disabled :lol Only place I truly want to see HTTPS is on a sites where I'm doing something like buying/paying/etc something, or dealing with true personal information.
That's likely a configuration error with the server. The protocol itself is rock stable and sites like Amazon have used it throughout their sites for years. If the problem you describe was with the protocol, no one would use it. Again, this is either a configuration error on the server, or the site is using an outdated SSL certificate. There was a major security flaw discovered about a month ago in certificates more than a year or so old, and Chrome and other major browsers have implemented error messages to discourage users from going to insecure sites. None of this will be an issue with our conversion to secure/encrypted transmission of data.
