No secure https when signing on to city-data forum (screen, toolbar, certificate)
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Believe what you want but the bottom line is traffic coming or going from a website that does support HTTPS cannot be encrypted. It has to understand what that data is and it can only understand plain text with HTTP. If the server can read it then any third party in between that intercepts it can read it.
HTTPS relies on public/private key encryption, when you make a connection to a secure site it sends you a public key. The public key can only be used to encrypt, your browser also sends the server a public key. The data going between both is encrypted using the public keys, once encrypted it can only be decrypted with the private key held only by the server or your browser.
Without this exchange of keys there is no way to encrypt data.
Agree completely.
There is absolutely no way that your data is encrypted once it leaves the Zenmate server.
Zenmate replying with some technobabble like that is a huge red flag IMO.
Believe what you want but the bottom line is traffic coming or going from a website that does support HTTPS cannot be encrypted. It has to understand what that data is and it can only understand plain text with HTTP. If the server can read it then any third party in between that intercepts it can read it.
HTTPS relies on public/private key encryption, when you make a connection to a secure site it sends you a public key. The public key can only be used to encrypt, your browser also sends the server a public key. The data going between both is encrypted using the public keys, once encrypted it can only be decrypted with the private key held only by the server or your browser.
Without this exchange of keys there is no way to encrypt data.
How about you contact Zenmate support yourself and see what they have to say about your theory? After all, you could be wrong.
Again it's a mild threat and requires the user to be using the same password on different sites, it's still a threat and sites should do what they can to minimize them. HTTPS for the standard pages is not required but it should be used for logins.
How about you contact Zenmate support yourself and see what they have to say about your theory? After all, you could be wrong.
Theory? This is not theory, how I've explained this is basic but that's how secure communications work. Research the topic yourself for more information. Encryption requires both parties are participating so if a server is only accepting traffic over HTTP any data sent or received has to be plain text, there is no way around that. Let me say that again, "has to be".
If you want to contact Zenmate the question I suggest you pose to them is "How can data be encrypted over a HTTP connection when the server is only accepting plain text?".
How about you contact Zenmate support yourself and see what they have to say about your theory? After all, you could be wrong.
There is no theory here. That's just not the way TCP/IP works. You either have a certificate exchange (provided by the server), or you don't. End of story.
It's not magic, and there's nothing Zenmate can do to change it.
There's absolutely no way for them to transmit encrypted data from their server to a server that's not listening on HTTPS. The listening server won't understand the message if it's not in plain text.
Theory? This is not theory, how I've explained this is basic but that's how secure communications work. Research the topic yourself for more information. Encryption requires both parties are participating so if a server is only accepting traffic over HTTP any data sent or received has to be plain text, there is no way around that. Let me say that again, "has to be".
If you want to contact Zenmate the question I suggest you pose to them is "How can data be encrypted over a HTTP connection when the server is only accepting plain text?".
OK, let's not call it "theory" if it upsets you. So I'll describe what you said as "your opinion" which could of course mean that you might be wrong.
Regardless though, I have every confidence that Zenmate works the way they said it does. After all, no bona fide company is going to put their reputation on the line by publishing information which is both misleading and incorrect.
In addition, Mozilla also tests all add-ons submitted to them and if there were any doubts about the product, they would have surfaced by now I'm sure.
OK, let's not call it "theory" if it upsets you. So I'll describe what you said as "your opinion" which could of course mean that you might be wrong.
Have you not read what has been written? This is not a difficult thing to understand. This server is expecting plain text, that is the only thing it will understand. If it can understand it then any third party that intercepts that data can understand it.
At most they may be using obfuscation which makes it difficult for a human to read the source, however it's easily overcome because the machine can easily convert it to human readable format.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.