Personal SSL-wall-of-shame

Posted January 22nd, 2009 by konrad

I find it sad that many even quite popular online platforms still do not offer TLS/SSL encryption for the login process and beyond that to keep users passwords and data safe. In some cases the option to use encryption is available but not everybody is aware of that. So I compiled my personal collection of bad examples in alphabetical order that do not use TLS/SSL encryption or only after manually changing the URL (https instead of http). At least on two them you can login via OpenID which is is great but so far not widespread solution (and was just recently proposed and discussed to be used as identifier for scientists).

Here is the list. SSHame on you! Hopefully you fix this soon.

Site SSL availability
BookCrossing not per default
connotea not at all (but has OpenID)
CouchSurfing not per default
CouchSurfing Wiki not at all – you end up at couchsurfing.com
friendfeed not on the frontpage
identi.ca not at all (but OpenID). UPDATE: got it – per default
kluster.com not per default
nature network not at all
OpenStreetMap not at all
OpenMoko Wiki not per default
OpenWetWare not per default
PLoS manuscript submission e.g. for PLoS ONE not per default
tumblr not per default
Twitter not per default
Wikipedia not per default

Please feel free to correct me if I am wrong or send you personal candidates.

BTW: If you do not want to trust an external OpenID provider you can set up your own OpenID server. There are many easy solutions for doing this. The DiSo project has created an OpenID plugin for WordPress so it can be used as an OpenID client and server.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>