The USPTO (Patent and Trademark Office) has updated its Public Patent Application Information Retrieval (Public-PAIR) service so that it no longer supports HTTPS (secure) access. From the announcement with emphasis added:
Public PAIR Maintenance and Outage
The USPTO will be performing maintenance on the Public Patent Application Information Retrieval (Public Pair) beginning at 12:01 a.m., Friday, April 21 and ending at 2 a.m., Friday, April 21 ET.
During the maintenance period, Public PAIR will be unavailable.
Immediately after the maintenance, users will only be able to access Public PAIR through URLs beginning with HTTP, such as http://portal.uspto.gov/pair/PublicPair. Past URLs using HTTPS to access Public Pair, such as https://portal.uspto.gov/pair/PublicPair, will no longer work.
Can anyone explain why there would be this seemingly backwards move to insecure communications?
(Score: 4, Informative) by Leebert on Monday April 24 2017, @11:23AM (4 children)
You're overthinking the threat model here. I'll give you a "for instance": Get onto a Southwest Airlines flight, connect to (and pay for) their wifi, and marvel at them injecting JavaScript into every single HTTP request.
(Score: 1, Insightful) by Anonymous Coward on Monday April 24 2017, @11:51AM (3 children)
1. Sue them for interfering with a communication channel
2. Use a VPN
(Score: 0) by Anonymous Coward on Monday April 24 2017, @01:29PM (1 child)
Wait, you mean people actually use those public wifi services without using VPNs?
I guess people really are that stupid...
(Score: 1, Insightful) by Anonymous Coward on Monday April 24 2017, @07:51PM
No, people are ignorant not stupid. As a saavy tech user it is really easy to dismiss stuff we see as simple and easy to figure out. For most people setting up their browser to use a VPN is a very difficult and technical task. That is even if they know what a VPN is or that public wifi connections are really that dangerous!
(Score: 2) by Immerman on Monday April 24 2017, @01:40PM
(1) is kind of difficult when they said they'd do as much on page 57 subparagraph 12 of the fine print you agreed to when accessing their service (I'm assuming it's in there, if not it would be added as soon as the first lawsuit was filed)
Https offers a technical solution so that they and their ilk don't have the option in the first place.