Over on his blog, Smerity details how someone could see what items you have purchased on Amazon, because Amazon serves that information over unencrypted HTTP.
If you were to browse Amazon right now and someone was eavesdropping on your connection, they could tell exactly what you were looking at. Even if you’re logged in, all item browsing takes place over HTTP. This is tremendously odd given that it’s 2015 and encryption is well and truly fast enough for the masses…
It’s weird that Amazon hasn’t encrypted all of this traffic with HTTPS, and according to someone on Hacker News, they plan to move everything over to HTTPS by September. Let’s hope they do!