The USPTO (Patent and Trademark Office) has updated its Public Patent Application Information Retrieval (Public-PAIR) service so that it no longer supports HTTPS (secure) access. From the announcement with emphasis added:
Public PAIR Maintenance and Outage
The USPTO will be performing maintenance on the Public Patent Application Information Retrieval (Public Pair) beginning at 12:01 a.m., Friday, April 21 and ending at 2 a.m., Friday, April 21 ET.
During the maintenance period, Public PAIR will be unavailable.
Immediately after the maintenance, users will only be able to access Public PAIR through URLs beginning with HTTP, such as http://portal.uspto.gov/pair/PublicPair. Past URLs using HTTPS to access Public Pair, such as https://portal.uspto.gov/pair/PublicPair, will no longer work.
Can anyone explain why there would be this seemingly backwards move to insecure communications?
(Score: 0) by Anonymous Coward on Monday April 24 2017, @12:23PM
HTTPS doesn't actually help an awful lot with this sort of privacy concern, because it does nothing to conceal traffic flow.
A passive observer of HTTPS traffic knows:
(a) Who you are talking to
(b) How much data you sent, and exactly when you sent it
(c) How much data you received, and exactly when you received it.
So because of (a) the eavesdropper knows you are talking to USPTO. With (b) and (c) the eavesdropper can likely determine exactly which USPTO documents you are veiwing with very high confidence, especially if you access more than one.