• FumpyAer [any, comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    3 months ago

    Any sensitive data you submit or get served on that site can be intercepted, read, or possibly changed on the way to you (called a “man in the middle” attack). Including your location data, credit card info, username, password, etc.

    A vpn could mitigate this somewhat, but it would still be unencrypted between their network out point and the site’s server.

    I’d also call it a red flag in terms of their security. If they aren’t competent/diligent enough to implement SSL encryption, I’d be a bit worried that they may be vulnerable to a hacker replacing their safe file downloads with a malicious one.

    This would be even worse on a public wireless network where somebody could catch your packets on the way to the router.

    • anarchoilluminati [comrade/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      Thanks! I don’t use any identifying information and always use VPN. I don’t care if they get the username/password for that account anyway. So, I hope that helps. Haha But, yeah, not great for security and always try to avoid http.