ripper234



Legendary, Activity: 1344, Merit: 1002
Ron Gross

Blockchain.info should switch to SSL by default
June 14, 2013, 11:25:59 AM #1



Currently blockchain.info supports SSL, but doesn't require it. If you go to either http://blockchain.info/ or https://blockchain.info/ and search for a bitcoin address, it works.

I propose that the homepage will always redirect from http://blockchain.info/ to https://blockchain.info/

After this redirect, any search a user does on this site will be on SSL by default.

The purpose is to make it a bit harder on men-in-the-middle (e.g. ISPs) to capture any traffic that helps them analyze which users searched which addresses.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association


lucasjkr



Hero Member, Activity: 644, Merit: 500

Re: Blockchain.info should switch to SSL by default
June 14, 2013, 02:46:14 PM #3



So, if I go to blockchain.info and search for a transaction, upon hitting post, it redirects me to the SSL version of their site. This is where it redirected me, as a matter of fact:

https://blockchain.info/block-index/393463/0000000000000101a6ec423efffd45e070f3aa628d4ab9fd688abb9eb26555f8

See anything wrong with it? Any attacker or man-in-the-middle will know exactly what you were searching for simply by looking at the URL you arrive at. Just as if you search for a transaction that hit this wallet "11CtTrDnLu2DtbQJPYDUVGf5ZeQ7RB1ao", you arrive at this SSL-enabled page "https://blockchain.info/address/11CtTrDnLu2DtbQJPYDUVGf5ZeQ7RB1ao"

The page is only encrypted to prevent a man in the middle from replacing information on each result page, but it does zero in the name of user privacy. Adding a redirect won't change anything.

SgtSpike



Legendary, Activity: 1372, Merit: 1001

Re: Blockchain.info should switch to SSL by default
June 14, 2013, 03:01:47 PM #4

Quote from: lucasjkr on June 14, 2013, 02:46:14 PM



> So, if I go to blockchain.info and search for a transaction, upon hitting post, it redirects me to the SSL version of their site. This is where it redirected me, as a matter of fact:
>
> https://blockchain.info/block-index/393463/0000000000000101a6ec423efffd45e070f3aa628d4ab9fd688abb9eb26555f8
>
> See anything wrong with it? Any attacker or man-in-the-middle will know exactly what you were searching for simply by looking at the URL you arrive at. Just as if you search for a transaction that hit this wallet "11CtTrDnLu2DtbQJPYDUVGf5ZeQ7RB1ao", you arrive at this SSL-enabled page "https://blockchain.info/address/11CtTrDnLu2DtbQJPYDUVGf5ZeQ7RB1ao"
>
> The page is only encrypted to prevent a man in the middle from replacing information on each result page, but it does zero in the name of user privacy. Adding a redirect won't change anything.

Correct me if I am wrong, but URLs are encrypted in SSL as well.
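
What a passive on-path observer can read from the client's first bytes over HTTP versus HTTPS, the question raised in posts #3 and #4, as an added example that is not part of any post in this thread. The ClientHello is a constructed minimal sample, the function names are hypothetical, and the host and path are the ones quoted above.

```python
import struct

def build_client_hello(hostname):
    """Minimal TLS ClientHello record with an SNI extension (constructed sample)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry             # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni             # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32)      # client version, random
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sni_from_client_hello(rec):
    """Server name sent in cleartext in a ClientHello, or None."""
    try:
        pos = 43    # 5 record hdr + 4 handshake hdr + 2 version + 32 random
        pos += 1 + rec[pos]                                   # session id
        pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")    # cipher suites
        pos += 1 + rec[pos]                                   # compression methods
        pos += 2                                              # extensions length
        while pos + 4 <= len(rec):
            etype, elen = struct.unpack_from("!HH", rec, pos)
            pos += 4
            if etype == 0:   # skip list length (2) and name type (1)
                nlen = int.from_bytes(rec[pos + 3:pos + 5], "big")
                return rec[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, UnicodeDecodeError):
        pass
    return None

def visible_to_observer(first_bytes):
    """Host and path readable on the wire from the client's first bytes."""
    if first_bytes[:1] == b"\x16" and first_bytes[5:6] == b"\x01":  # TLS ClientHello
        return {"tls": True, "host": sni_from_client_hello(first_bytes), "path": None}
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    path = head[0].split(" ")[1] if head[0].count(" ") >= 2 else None
    hosts = [h.split(":", 1)[1].strip() for h in head[1:] if h.lower().startswith("host:")]
    return {"tls": False, "host": hosts[0] if hosts else None, "path": path}

# Constructed inputs using the address URL quoted in the thread.
PATH = "/address/11CtTrDnLu2DtbQJPYDUVGf5ZeQ7RB1ao"
HTTP_REQ = f"GET {PATH} HTTP/1.1\r\nHost: blockchain.info\r\n\r\n".encode()
HTTPS_HELLO = build_client_hello("blockchain.info")

if __name__ == "__main__":
    print(visible_to_observer(HTTP_REQ))
    print(visible_to_observer(HTTPS_HELLO))
```

Over HTTPS the request path is sent only after the handshake, inside encrypted records, so the observer is left with the hostname (also exposed by DNS), the server IP and traffic sizes. A request made over plain HTTP before any redirect still exposes its path.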

Abdussamad



Legendary, Activity: 2590, Merit: 1299

Re: Blockchain.info should switch to SSL by default
June 14, 2013, 06:01:58 PM #9

HTTPS traffic takes up more server resources than HTTP traffic. It takes up more CPU and RAM. Given that blockchain.info is a free service I see no reason why the webmaster should spring for more servers just to please some people.



If you are paranoid about this you should use the HTTPS version. Bookmark it and always visit the site via the bookmark.