As you browse the web these days, it's quite common to find sites that will help you to post content to various blogging/social networking/aggregation services. One of the ways that you may encounter is through a service called
AddThis, through which site owners can add a single button that will allow posting/linking all over the place.
I was going to try use this service to post an article to my blog and when I clicked the AddThis button and selected Blogger as my
target, I was given the screen shown here. You'll see that it wants me to log into my
Blogger account so that AddThis can create a new post with the article that I was reading. Sounds good so far.
What bothered me, though, was the reassurance that AddThis is providing regarding information safety: "Absolutely. This page is secure (HTTPS)". They reenforce this message by prominently showing a picture of a shield on the screen below the sign-in button, again to show how secure the site is. However, if you take a look at the URL, AddThis is definitely NOT using an HTTPS connection. And according to the browsers status bar, there is no lock icon indicating the use of HTTPS/SSL.
So basically AddThis is just lying. They figure they can just tell you that the page is secure, show you a picture of a shield, and users will gladly enter their private user information.
This post is not intended to bash AddThis (although my confidence in their service is lacking right now) but as a warning to pay attention to site security. All major browsers include a
lock icon somewhere in the status bar that indicates if you are on a secure connection. It's also very easy to look at the site url and verify that you are, in fact, visiting a secure site with an https:// url instead of http://.
So practice safe surfing and just because you see a picture of a shield don't assume you're actually on a secure site.
