Like many privacy-conscious web users I run a Chrome extension from the Electronic Frontier Foundation (EFF) called HTTPS Everywhere with an option Encrypt All Sites Eligible (EASE) which attempts to ensure that my browsing remains private by automatically redirecting to the HTTPS version of every page and alerting me when there is no HTTPS version available. I noticed such an alert appear when I clicked on a link from this MacRumors article which shows a destination of https://www.apple.com/leadership/ but actually goes to a redirect address starting with http://go.macrumors.com/ and having parameters id, isjs, iv, sref (the URL of the source article), url (the destination URL at apple.com), xguid, xs, xtz, xuuid and xjsf.
This is a problem for privacy because those parameters are all sent unencrypted to the server at go.macrumors.com. If I didn't have the extension that blocked the connection for me, anyone in the middle (my ISP, my government, etc.) could see that I accessed the source and destination URLs. I hope that MacRumors can work with Skimlinks to provide a HTTPS enabled redirect address to avoid going unencrypted and leaking the information to a man-in-the-middle.
This is a problem for privacy because those parameters are all sent unencrypted to the server at go.macrumors.com. If I didn't have the extension that blocked the connection for me, anyone in the middle (my ISP, my government, etc.) could see that I accessed the source and destination URLs. I hope that MacRumors can work with Skimlinks to provide a HTTPS enabled redirect address to avoid going unencrypted and leaking the information to a man-in-the-middle.
