• FumpyAer [any, comrade/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      3 months ago

      Any sensitive data you submit or get served on that site can be intercepted, read, or possibly changed on the way to you (called a “man in the middle” attack). Including your location data, credit card info, username, password, etc.

      A vpn could mitigate this somewhat, but it would still be unencrypted between their network out point and the site’s server.

      I’d also call it a red flag in terms of their security. If they aren’t competent/diligent enough to implement SSL encryption, I’d be a bit worried that they may be vulnerable to a hacker replacing their safe file downloads with a malicious one.

      This would be even worse on a public wireless network where somebody could catch your packets on the way to the router.

      • anarchoilluminati [comrade/them]@hexbear.net
        cake
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Thanks! I don’t use any identifying information and always use VPN. I don’t care if they get the username/password for that account anyway. So, I hope that helps. Haha But, yeah, not great for security and always try to avoid http.

    • Justice@lemmygrad.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      In addition to everything already suggested, here’s another really small one: retype the url for the site but manually make it https instead of http

      Most browsers, most web hosts and whatever else now days automatically force everything into https, but if the site is older, not well maintained, or whatever reason the person has, they might be utilizing this type of stuff. There’s basically no reason that a publicly hosted website should not have https that I can think of. Locally hosted stuff, sure, but we’re talking just random ass webpage perhaps found on google or something? It should go to a https url otherwise something funky is going on.

      But yeah, add an s and see. Especially if you’ve (against the advice of your browser and OS screaming) turned off the forced automatic https redirect. I’ve turned it off before while messing with stuff and found there are websites still that don’t automatically redirect to https if you mistakenly type http. Seems wild now days but it happens