|
|
|
|
|
|
by themartorana
4528 days ago
|
|
|
I imagine it to be a horrible miscarriage of trust to not use HTTPS. We made the decision early on that handling any personal data not over HTTPS was massively irresponsible - and this is pre-Snowden. That said, if they have kernel-level hacks or can intercept and decode HTTPS (or sit and listen on say, any AWS server they want), what does HTTPS really matter against the NSA? Still, totally irresponsible - battery life is a constant struggle, but not enough to even make us consider changing our API client code. |
|
|
How do you know that the apparently random stream of bits is actually properly encrypted and does not leak private data? It would be better to let the OS add the SSL layer and only let apps talk HTTP. This would give the user much more control.