Federal AIDS website insecurely transmitted user locations for years

Everyone loves to hate Healthcare.gov, but there are plenty of other bad websites out there. Take, for example, AIDS.gov. The Washington Post reports that the site has failed to adhere to basic web security protocols for the past few years. As a result, anyone snooping on internet traffic could easily find the location and identity of someone searching for locations that offer HIV testing facilities or other services.

The culprit is encryption — or rather, the lack thereof. Like the vast majority of websites, AIDS.gov and another similar government site offering HIV assistance, has not used SSL encryption to maintain its users’ privacy. SSL, also known as Secure Sockets Layer, is often used on banking websites to scramble data sent…

Continue reading…

The Verge – All Posts

Leave a Comment