4 comments

[ 3.3 ms ] story [ 22.2 ms ] thread
So The Pirate Bay is not using SSL for backend traffic. Just ... wow. sigh
This is a good demonstration that the nice green padlock in a browser is a symbol full of nuance.
This "anyone can get SSL from CloudFlare for free" concept sounds great on the outside but really it might do more harm than good giving the illusion of security. The backend traffic needs to be SSL encrypted as well or else the green lock icon is deceptive.
It's worth noting that "Flexible SSL" is the lowest security option available - Cloudflare provide access to a free private CA (https://blog.cloudflare.com/cloudflare-ca-encryption-origin/) in order to encourage people to secure their backend connections.

I wonder if they might help combat the illusion of security by providing a response header, well-known image URL or similar to indicate the backend SSL status.