Ahhh, understood. There's someone between what you see as "ebay.com", where the ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		CannisterFlux on June 29, 2016 \| parent \| context \| favorite \| on: Ebay posts every character a user types into the p... Ahhh, understood. There's someone between what you see as "ebay.com", where the GET is decrypted, and the actual ebay machine that will use the password information. I was thinking of it at the user-agent level. The GETs never leave your machine in plain text. I did not consider that the other end where you send the information could be "flakey". Bloody hell, it's a miracle anything works at all.

bencollier49 on June 29, 2016 [–]

Not even necessarily, but the https logs are likely archived to another server, and that server will likely be secured completely differently.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact