DEV Community

Voltra

Dear "developers" who insist they don't need HTTPS, or SSL certificates

Please invite me somewhere we can share the same network, you know, so you can showcase your brilliance and websites that don't use HTTPS while I steal every piece of personal data I can.

Seriously, security is not a fucking joke, stop dicking around...

Top comments (5)

Me

No need to be condescending. Many people still haven't learned about security and don't know the difference between https and http. They probably are of the mindset as well that if the site isn't taking or sending data, then they don't need it.

Educate on the reasons instead.

Voltra • Edited

It's what I do, but when they have years of experience it sends me flying. And those dead set on being wrong. I should have tagged the post as a rant

Sacred (void*)

...while I steal every piece of personal data I can.

Would you elaborate on this part a little bit? Can you define "personal data"?

The only thing I'm thinking is an MITM attack.

Voltra • Edited

The main (and only?) issue is in fact MITM. But that's just the "open door". You can replace links to have bounces and steal unprotected data, or cross-domain data, without the user necessarily noticing. You could also just grab all cookies and send them to you, etc...

As for the definition, I'd play it safe and use the GDPR's definition of it:

any information relating to an identified or identifiable individual
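
The cookie and link exposure described in the comment above can be checked from the defender's side. The following is an added example, not part of the original thread: a Python check that audits one HTTP response for cookies lacking the `Secure` attribute, a missing `Strict-Transport-Security` header, and `http://` targets in the markup. The function name `audit_response` and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _PlainLinkFinder(HTMLParser):
    """Collects href/src/action attribute values that point at http:// URLs."""
    def __init__(self):
        super().__init__()
        self.plain = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value and value.lower().startswith("http://"):
                self.plain.append((tag, value))

def audit_response(url, headers, body):
    """Return findings for one response; headers is a list of (name, value) pairs."""
    findings = []
    https = urlsplit(url).scheme.lower() == "https"
    if not https:
        findings.append("plaintext: page itself is served over HTTP")
    names = {n.lower() for n, _ in headers}
    if https and "strict-transport-security" not in names:
        findings.append("no-hsts: nothing tells the browser to refuse plain HTTP for this host")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie-not-secure: {cookie_name} is also sent over HTTP")
    finder = _PlainLinkFinder()
    finder.feed(body)
    for tag, target in finder.plain:
        findings.append(f"plain-link: <{tag}> points at {target}")
    return findings

# Constructed sample response (not captured from a real site).
SAMPLE_URL = "https://shop.example/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
SAMPLE_BODY = '<form action="http://shop.example/auth"><a href="https://shop.example/help">Help</a></form>'

if __name__ == "__main__":
    for line in audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(line)
```

On the constructed sample it reports the missing HSTS header, the `session` cookie without `Secure`, and the form that posts to an `http://` URL.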

Right possible

ok