
it's because OP linked to the HTTPS version of reddit, which doesn't exist. akamai will serve an HTTPS version of any page that they cache, and if the customer has not configured HTTPS they will serve it up with their certificate.

reddit uses akamai for page content but not for any authentication, there are no security benefits to using https://reddit instead of http://reddit



You are avoiding eavesdropping attacks but not man-in-the-middle attacks.

That did not stop me from removing the 's' instead of clicking three times in Firefox.


FWIW, an HTTPS version of Reddit does exist. It just happens to be on the pay.reddit.com hostname instead. See:

https://pay.reddit.com/r/SOPA/comments/nhfes/do_you_guys_rea...


there was an explanation from one of the admins once upon a time about why pay.reddit wasn't any more secure than standard reddit. i forget the details, but the consensus was don't bother.


I'll stick with the side of caution and use the freely available HTTPS version until someone proves the above claim.



