[Qz]

I'm getting certificate errors -- is this part of the point or something else?

[notatoad]

it's because OP linked to the HTTPS version of reddit, which doesn't exist. akamai will serve an HTTPS version of any page that they cache, and if the customer has not configured HTTPS they will serve it up with their certificate.

reddit uses akamai for page content but not for any authentication, there are no security benefits to using https://reddit instead of http://reddit

[tobias3]

You are avoiding eavesdropping attacks but not man-in-the-middle attacks.

That did not stop me from removing the 's' instead of clicking three times in Firefox.

[mike-cardwell]

FWIW, a HTTPS version of Reddit does exist. It just happens to be on the pay.reddit.com hostname instead. See:

https://pay.reddit.com/r/SOPA/comments/nhfes/do_you_guys_rea...

[notatoad]

there was an explanation from one of the admins once upon a time about why pay.reddit wasn't any more secure than standard reddit. i forget the details, but the consensus was don't bother.

[mike-cardwell]

I'll stick with the side of caution and use the freely available HTTPS version until someone proves the above claim.

[maqr]

Not part of the point, try the http version: http://www.reddit.com/r/SOPA/comments/nhfes/do_you_guys_real...

[soitgoes]

Nothing in the SSL certificate returned identifies www.reddit.com hence the warning. The common name of the cert (typically used to identify the website) is actually a248.e.akamai.net. I think akamai are a service that many websites use but their generic SSL cert can cause problems. You can view the cert using: http://certlogik.com/sslchecker/www.reddit.com/

[redthrowaway]

Chrome told me I was being redirected to Akamai, so I'm guessing it's just a configuration issue. "Proceeding anyway" takes you to the right place.

[troels]

Had me baffled too. Explanation here: http://revealingerrors.com/akamai_ssl

Scary stuff - I never heard of this Akamai entity before.