SoylentNews

Website Aims to Publicly Shame Apps with Lax Security

posted by janrinok on Thursday August 21 2014, @12:03PM   
from the now-go-stand-in-the-corner! dept.

AnonTechie writes:

The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution — shame.

Webster decided to see if a little public humiliation could convince companies to better secure their customers' information. On Saturday, the consultant created a website, HTTP Shaming ( http://httpshaming.tumblr.com/ ) , and began posting cases of insecure communications, calling out businesses that send their customers' personal information to the Internet without encrypting it first.

• httpshaming.tumblr.com lacks https themselves.. httpshaming.tumblr.com lacks https themselves.. (Score: 3, Funny) by kaszz on Thursday August 21 2014, @01:10PM

  by kaszz (4211) on Thursday August 21 2014, @01:10PM (#83915) Journal

  Perhaps http://httpshaming.tumblr.com/ [tumblr.com] should make https://httpshaming.tumblr.com/ [tumblr.com] to work before shaming insecure sites.

  Though a good initiative!

  Starting Score:	1		point
  Moderation		+1
  Funny=1, Total=1
  Extra 'Funny' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3

• Recursive shaming (Score: 4, Insightful) by MrGuy on Thursday August 21 2014, @03:41PM

  by MrGuy (1007) on Thursday August 21 2014, @03:41PM (#83978)

  And, as is their policy, they use their site to httpshame tumblr.

  Here's the headline on the top of their tumblr page where they make it clear they're aware of the issue, that it's tumblr's fault, and that they'd like tumblr to fix it:

  Can you please encrypt my traffic?!
  Yup, this site is on HTTP – blame Tumblr for not supporting SSL, because you know we are.

  Parent