Livejournal Webpages Are No Longer Secure

Dec 30, 2016 10:51

Source: http://swan-tower.dreamwidth.org/785861.html

Your readers should know about another catch:

LJ no longer allows access to its https site when browsing/posting, which means that any information you send to that site is readable by every other site that cares to eavesdrop. This means that anything you post under friendslock is still being read by any site that chooses to spy on Livejournal communications; you can safely assume that at least one Russian-government entity is.

I just double-checked, and the payment page *is* protected by https, so that at least should be secure.
Read more about HTTPS vs HTTP browsing

NO MATTER WHAT YOU DECIDE TO DO: Install the EFF's HTTPS Everywhere extension for Chrome/Firefox (also Android).


From their FAQ:

When does HTTPS Everywhere protect me? When does it not protect me?

HTTPS Everywhere protects you only when you are using encrypted portions of supported web sites. On a supported site, it will automatically activate HTTPS encryption for all known supported parts of the site (for some sites, this might be only a portion of the entire site). For example, if your web mail provider does not support HTTPS at all, HTTPS Everywhere can't make your access to your web mail secure. Similarly, if a site allows HTTPS for text but not images, someone might be able to see which images your browser loads and guess what you're accessing.

HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can't create them if they don't already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can't provide additional protection for your use of that site. Please remember to check that a particular site's security is working to the level you expect before sending or receiving confidential information, including passwords.

One way to determine what level of protection you're getting when using a particular site is to use a packet-sniffing tool like Wireshark to record your own communications with the site. The resulting view of your communications is about the same as what an eavesdropper on your wifi network or at your ISP would see. This way, you can determine whether some or all of your communications would be protected; however, it may be quite time-consuming to make sense of the Wireshark output with enough care to get a definitive answer.

You can also turn on the "Block all HTTP requests" feature for added protection. Instead of loading insecure pages or images, HTTPS Everywhere will block them outright.
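
An added example (not from the original post or from the EFF): a short Python audit of the "HTTPS for text but not images" case the FAQ describes. It lists every image, script, stylesheet or form target in a page that would still travel over plain HTTP; the markup and URLs are constructed, and `audit` and `FETCHING_ATTRS` are names chosen for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch or send something.
# Simplification: <link href> is counted whatever its rel value is.
FETCHING_ATTRS = {
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("form", "action"): "form",
}

class CleartextAudit(HTMLParser):
    """Collect subresources and form targets that would use plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.cleartext = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = FETCHING_ATTRS.get((tag, name))
            if kind is None or not value:
                continue
            # Resolve relative and protocol-relative ("//host/x") URLs the
            # way a browser would, against the URL the page was loaded from.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.cleartext.append((kind, tag, absolute))

def audit(page_url, html):
    parser = CleartextAudit(page_url)
    parser.feed(html)
    return parser.cleartext

# Constructed sample markup, not taken from any real site.
SAMPLE = """
<link rel="stylesheet" href="/style.css">
<script src="//static.example.test/app.js"></script>
<img src="http://img.example.test/userpic/42.jpg">
<img src="https://img.example.test/banner.png">
<form action="http://www.example.test/post" method="post"></form>
"""

if __name__ == "__main__":
    for kind, tag, url in audit("https://www.example.test/journal/1.html", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Running the same markup with an `http://` page URL flags the relative and protocol-relative resources as well, which is the situation when a site offers no HTTPS at all.
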

Edited: Also, if you do back up your Livejournal blog or community to Dreamwidth, please consider buying a paid account.
