Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [HTTPS-Everywhere] httpS log-on page

Drake, Brian brian2 at
Sat Jun 25 01:19:29 PDT 2011

This is a Firefox message. It means that although the page containing the
form was loaded over a secure connection, the URL for the form submission is
to be accessed over a non-secure connection. Getting around such
“subversion” is the one of the main points of HTTPS Everywhere.

I had always assumed that HTTPS Everywhere still works in cases like this,
but only intercepts the request after the warning you quoted is displayed to
the user. It does work, right?

(It should also be noted that this is often the result of less
security-conscious (negligent?) developers innocently hardcoding HTTP URLs
into pages, rather than an actual attempt to avoid the use of HTTPS.)

On Sat, Jun 4, 2011 at 0758 (UTC-8), Frank Corrigan <
email at> wrote:

> The blog provider has introduced a very annoying override on
> it's httpS log-on page, when the log-in button is pressed a Security
> Warning pops up with:
> "Although this page is encrypted, the information you have entered is to
> be sent over an unencrypted connection and could easily be read by a
> third party.
> Are you sure you want to continue sending this information?"
> View screen capture:
> I am not seeking technical help, just to alert list members to the
> subversion of https when entering passwords and usernames/email
> addresses. Which follows on from removal of the S in httpS
> for any https based url posted on a blog hosted under,
> when the posted httpS url is also a blog. (like the one
> above...)
> Frank
> _______________________________________________
> HTTPS-everywhere mailing list
> [snip] <>

Brian Drake

Alternate (slightly less secure) e-mail: brian at
Alternate (old) e-mail: brianriab at

Facebook profile: Profile ID
Twitter username: BrianJDrake <>
Wikimedia project username:
inactive for a while)

All content created by me
2010–2011 Brian Drake. All rights reserved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list