Discussion Forums

HTTPS ethical consumer
Last Post 14/05/2016 12:28:26 by ethereal_consumer. 0 Replies.
New Member

14/05/2016 12:28:26

    I really appreciate ethical consumer and have found it very useful over the past year.

    I always access the website rather than receive physical copies.

    Currently, as far as I'm aware, all internet connections to ethical consumer are completely non-encrypted. This means someone could perform a "man in the middle" attack to get information about a user's activities. I believe this would include usernames and passwords used for signing in.

    If ethical consumer upgraded to a *fully* HTTPS website (https://en.wikipedia.org/wiki/HTTPS) then people connecting would be protected by encryption, and their passwords and usernames would be more secure. Some websites only use encryption for the sign in, but it is far more secure to have the entire website protected by encryption.

    For the time being it would be a good idea to strongly encourage people to use a unique password and username. Then at least no one will be able to use the information to sign into more sensitive websites.

    Also (this might be a bit paranoid, but it is interesting) since your server is in the UK, it is most likely that connections made to your website are tap-able by GCHQ. Whilst I don't think anyone would go on a 'list' for visiting ethical consumer, there have been suggestions that even the subconscious knowledge that somebody _could_ know what you're doing can dissuade people from researching certain material. For example, post NSA leaks the number of visits to certain Wikipedia pages decreased https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2769645.

    If you used HTTPS, people in the middle, like internet service providers, government bodies and malicious hackers, would still be aware that people are visiting ethical consumer, but they would not know their exact activities. So you would also give more privacy to your readers.

    This is also a problem for lots of smaller online shops, which can be more unnerving. Payment details tend to be handled by another website, so at least this is protected, but sometimes names and addresses need to be entered over non-encrypted connections, plus the contents of shopping carts. I can find it unsettling, but I counter it with the knowledge that the websites I use are small targets, so there is a bit less risk.

    There are some exceptions though, like Green Valley Trading Co., Boutique Vegan, Vegusto, Faith in Nature and Fairphone. Maybe you could contact them or some other people that have HTTPS websites for advice.