Loading Profile...
Help get this topic noticed by sharing it on
Twitter,
Facebook, or email.
Twitter,
Facebook, or email.
I’m
a little sad
Chrome Camelizer cannot decode Amazon URLs with https protocol
I use Chrome with an extension named "KB SSL Enforcer", which automatically switches from http to https if provided by the web server. Unfortunately, the Chrome Camelizer seems to be unable to decode such URLs at Amazon (UK or Germany) and won't show its icon in the address box.
-
The Camelizer does not execute on secure pages by design, to avoid any security concerns users may have about an extension that can watch them checkout or accidentally leaked sensitive information somehow. Basically, at the time it felt like a door better left closed...
But I'm open to suggestions if Camelizer users think I'm just being pedantic about security! Do you want the Camelizer to run on httpS pages, given the aforementioned concerns?-
anma February 11, 2011 13:29Not much interest here. :-( I can understand your concerns from the standpoint of the developer. But as a user while browsing the Amazon site I now have to decide between secured connections (better security and privacy, especially in insecure networks, e.g. in a coffee shop) or be able to use the Camelizer. I can't have both.EditDeleteRemove
-
-
-
-
-
Anma: do you really need security when browsing products though? So what if coffee shop users see you looking at a product?
Obviously you don't want them to see you check out, but that's why amazon forces https during checkout.-
I don't know what kind of harm you can do with session hijacking on the Amazon sites or the odds of such an attack. You're right, for a checkout Amazon requests your password and switches to https. Others won't be able to place an order (at least if 1-click ordering is disabled). However, they should be able to access and modify your shopping basket and your wishlists. So I won't need the security (as in "my life depends on it"), but I'd prefer it. :-)
-
-
-
-
-
Understood! But that is pretty much why we avoid running on HTTPS. We aren't going to do any harm, but we want to encourage trust by saying, look, we force ourselves to not even touch this so that you know that we don't.
-
EMPLOYEE
