Quote:
Originally Posted by MikeyB
HTTPS does not guarantee the contents of the site is safe, nor that the what they do with any data is safe, e.g. storing passwords as plain text.
I could go & create a site now, get a certificate and make sure it's only accessible via HTTPS, and fill it with "dodgy" downloads for you to get, which could then infect your PC.
This is where your anti-virus/anti-malware software & common sense comes into play.
The increased risk of an HTTP only site is that (with the right skills & willing) someone could see anything you put into a form, or see exactly what you are looking at & downloading. HTTPS prevents this as the communications between you & the website are encrypted.
But for any website at all, if you're concerned about downloading anything, simply don't, or search around & try to verify that it's safe.
|
And this is why I would never put anything into a site which does not have https.
For me, the issue is whether there is any addition risk simply by visiting a site which does not have https because as soon as you visit any website you are downloading content, and from what you have indicated, there is no difference as all https does is encrypt data sent between user and site and vice versa to stop sone else from seeing what you are doing and what data is being transferred. Correct?