Monday, July 17, 2017

Does My Site Need HTTPS? (via Troy Hunt):

Just because your site is hosted safely in your account doesn’t mean it won’t travel through cables and boxes controlled by who knows how many corporate- and state-owned entities. Do you really want someone injecting scripts, images, or ad content onto your page so that it looks like you put them there? Or changing the words on your page? Or using your site to attack other sites?

The thing that galls me is my company putting a certificate on our corporate Windows machines that allows them to masquerade SSL certificates, and snoop what we would normally consider private web traffic. In the process, they break sites like, oh, I don't know, DROPBOX. Good work, corporate IT. It creeps me out to think they're tracking everything I might type in Gmail or iCloud. I try to keep all personal information, conversation, and browsing off that machine.

