> who is in a position to tap your connection such that this becomes a serious security concern?
When you use HTTP everything is sent in plain text. This means...
- Anyone on the same network as you can see all of your traffic. This includes company networks, coffee shop wifi, your house, the library; any place that has a WiFi network. Caveat: it's possible to use network isolation to hide your traffic but this is crazy rare to see and typically is done to isolate networks, not individual traffic.
- Your ISP can see and log everything sent over HTTP.
- Anyone at the router level that your traffic passes through. Your traffic makes a lot of hopes over various routers on the internet before making it to your final destination.
Overall it's a terrible idea for anything that needs to be sent securely.
When you use HTTP everything is sent in plain text. This means...
- Anyone on the same network as you can see all of your traffic. This includes company networks, coffee shop wifi, your house, the library; any place that has a WiFi network. Caveat: it's possible to use network isolation to hide your traffic but this is crazy rare to see and typically is done to isolate networks, not individual traffic.
- Your ISP can see and log everything sent over HTTP.
- Anyone at the router level that your traffic passes through. Your traffic makes a lot of hopes over various routers on the internet before making it to your final destination.
Overall it's a terrible idea for anything that needs to be sent securely.