Follow

altpocket.io/login What the FUCK. A website specialised in CRYPTOcurrency not implementing proper HTTPS CRYPTOGRAPHY.
What.
The.
Fuck.

And no. Not even the sign up or log in features are protected.

@one Manually adding https to the front works, but them not redirecting all requests to https is criminal in 2019.

@robinsyl Indeed. Doing HSTS *AND* sending an HTTP 301 redirect if anyone tries to use your website on plain HTTP, should be legally mandatory for webmasters.

For bonus points, also disable TLS equal or lower than 1.1.

@one That said they only use CloudFlare SSL so cf could technically see the traffic

Sign in to participate in the conversation
Mastodon πŸ” privacytools.io

Fast, secure and up-to-date instance. privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io

In collaboration with: OpenNIC