More on TRUSTe – Serving Seals without SSL

SSL/HTTPS provides encryption, but the protocol also provides assurance that the website on the other end of the connection is who it says it is, and that the information it sends has not been tampered with by someone in the middle. In other words, it means you can have much more TRUST in the information’s authenticity.

The screenshot below shows an example of what Chrome displays when you click the lock icon next to an HTTPS URL.

[Screenshot: Chrome's identity panel for an HTTPS URL, reading "Identity verified"]

TRUSTe’s site that verifies the privacy seals allows HTTP connections without SSL. If a page with the seal is an HTTP page, clicking the TRUSTe seal will take you to an HTTP lookup page. You can try it here. TRUSTe’s page for looking up which sites have its seals is also an HTTP page. You can see that here.

Here is a screenshot of what Chrome says about the identity of the TRUSTe page for looking up certified companies.

[Screenshot: Chrome's identity panel for the TRUSTe lookup page, reading "Identity not verified"]

So, TRUSTe is providing a privacy certification, but allows the certificate to be sent over a connection that does not verify their identity or protect against tampering with the information between their server and your browser.  How can a user trust that it’s authentic?
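A site that embeds a seal can check for this mechanically. The following is an added example, not code from this post or from TRUSTe: it resolves each link the way a browser would and flags seal-verification targets that end up on plain HTTP. The host seal-verifier.example, the page URLs and the HTML are constructed placeholders, and the scheme-relative link is an assumption about how a seal could follow the embedding page's scheme.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup; seal-verifier.example is a placeholder host,
# not the real verification service.
SAMPLE_HTML = """
<a href="//seal-verifier.example/validate?id=1"><img src="seal.png"></a>
<a href="http://seal-verifier.example/lookup">Look up a company</a>
<a href="https://seal-verifier.example/validate?id=2">Verified seal</a>
<a href="/about">About us</a>
"""


class _LinkCollector(HTMLParser):
    """Collects the raw href of every <a> element."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def audit_seal_links(page_url, html, verifier_host):
    """Resolve each link against the embedding page and classify those that
    point at the verifier: 'ok' (HTTPS) or 'unauthenticated' (plain HTTP)."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.hostname != verifier_host:
            continue  # not a seal-verification link
        verdict = "ok" if target.scheme == "https" else "unauthenticated"
        findings.append((href, target.geturl(), verdict))
    return findings


if __name__ == "__main__":
    for page in ("http://shop.example/", "https://shop.example/"):
        print(page)
        for href, resolved, verdict in audit_seal_links(
                page, SAMPLE_HTML, "seal-verifier.example"):
            print(f"  {verdict:15} {href} -> {resolved}")
```

Only the link with an explicit https:// scheme is authenticated regardless of how the embedding page was loaded; the scheme-relative link is only as trustworthy as the page that carries it.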
