Noticed a few sources not utilizing HTTPS.

Discussion in 'Security, Privacy & Anonymity' started by RobertL, Nov 19, 2017.

  1. RobertL

    RobertL Member

    To put it even simpler than in the video.. When your source is using http vs https it makes man in the middle attacks easy as nothing is encrypted.

    You're sign in details. Not encrypted.
    You put in your email. Not encrypted.
    You put in your name. Not encrypted.
    You put in your address. Not encrypted.
    etc.

    It's a fairly simple fix so just check to see if the source you're using is https://www.website vs http://www.website

    A lot of browsers now provide a little icon in the url bar. A little green lock vs an unlocked red one. Take a look now. Meso should have a nice green lock.

    You can use addons like https everywhere for some encryption but it's best if the source itself is providing https.

     
    Millard Baker and ickyrica like this.
  2. ickyrica

    ickyrica Member

    Easy fix, order through their email service rather than the web site. I actually text my dude with encrypted messaging when it's time to reorder.
     
  3. RobertL

    RobertL Member

    You're right it's a simple solution. Only by sources that offer that though.

    FAQ from one source.

    o_O
     
  4. ickyrica

    ickyrica Member

    Stupid is as stupid does i guess lol
     
    MindlessWork and RobertL like this.
  5. master.on

    master.on Member

    Maybe it has to do with SSL (hence https) requiring an STATIC ip.
    Is unique IP address a must for SSL?

    Static IP are more expensive, may require additional registration = traceable, and may become blocked on LE request.


    Even better:
    Email your source ONLY from THE SAME Email service
    i.e. open a Protonm, Safe-m, tutan, etc account to match the one your source has
    then all Emails will automatically go thru https encryption.