eBay

eltracom · ‎04-29-2014

I still cannot believe EBay, a place where millions of financial transaction occurs on a daily basis, has still not come out of the dark ages and have an SSL enabled site. Other than signing in or updating certain account information, everything else is done outside of SSL. Private messages between buyers and sellers, account financial activity listing, and so on are all done unencrypted. You would think after a year of Edward Snowden revelations that a place such as EBay would enable SSL. It is not something hard to do, nor is it excessively expensive either. People have asked EBay about this before and EBay simply responds that it is unnecessary and so forth, but those excuses EBay put out are no longer relevant in this day and age. Simply put, there is no excuse for EBay not having SSL.

kxeron · ‎04-30-2014

I very much agree with this. eBay's website should be a 100% SSL experience at all times while logged in and never redirect out of that until logout. I can see while being logged out not having SSL as there's no account infrormation or the like being exposed.

The problem is that this would create a lot of overhead that eBay is unwilling to take due to the increased processing time required by front-end load balencers and similar systems to perform the additional encryption. This isn't an excuse however but is a possible sign that eBay's infrastructure may be underequipped to handle a 100% SSL experience or an issue whereas people may complain that the overhead may slow each page load. At the same time I believe that solid SSL should be provided at the minimum as an option for those who don't mind the delays as an opt-in..

Doing some tests from my internet connection over 3 tests each from my Firefox browser from signin.ebay.com (no different than regular web requests, just with an attached "stop watch" if you will)...

Without SSL: 0.179 - 0.195 seconds per response

With SSL: 0.343 - 0.478 seconds per response