Saturday, November 11, 2017

HTTPS is fake security.

by Angela K. Durden
Technology inventor protecting creators' copyrights. Business writer, novelist, songwriter, and Citizen Journalist.

A woman on a social media portal made the statement that https should be the "baseline to play" in order to have a website. Here is my reply to her about why she is wrong:


"Https as a baseline to play" is an incorrect assumption on your part. First, your statement assumes every site that is not https is a thief. They are not.

Second, your statement assumes that regular folks who use third-party payment processors such as PayPal, Stripe, and other merchant card processors are not handling their business properly when, in point of fact, they are handling it well by employing vendors who do have https certification and who go even further: Vendors deploy massive and ever-updated security measures to combat fraud and hackers.


Third, your assumption is that somehow https magically grants online protections. It does not. In fact, data protection is only as good as a SaaS company builds it and no https certification even looks at any company's software to determine how well they've built it. I know this as I have a SaaS company. The protections we've built in I won't even tell you, but data is extremely safe. Though it is rated https, we did not build our site to get that rating and did not even figure it into the why or how we built our internals.


Fourth, your "baseline to play" argument does not solve the problem of fraud. Anybody can write a bad check. At checkouts, cashiers regularly swipe a special pen across money to determine if it is legitimate currency. Hackers never stop, and if you want to talk about https protections, what the hell happened with Equifax? Who left the barn door open there, huh?


Fifth, let me predict further that in 10 years the Equifaxes of the world will not exist. We are now seeing the downward spiral of Tech Giants. The more Google and Amazon aren't moving money through their systems, the more they squeeze the little guy for more cash for an iffy service that adds no value. And that is why Google is requiring https certification: Additional revenues they need, and they need it badly.
