This is a Firefox message. It means that although the page containing the form was loaded over a secure connection, the URL for the form submission is to be accessed over a non-secure connection. Getting around such “subversion” is the one of the main points of HTTPS Everywhere.<br>
<br>I had always assumed that HTTPS Everywhere still works in cases like this, but only intercepts the request after the warning you quoted is displayed to the user. It does work, right?<br><br>(It should also be noted that this is often the result of less security-conscious (negligent?) developers innocently hardcoding HTTP URLs into pages, rather than an actual attempt to avoid the use of HTTPS.)<br>
<br><div class="gmail_quote">On Sat, Jun 4, 2011 at 0758 (UTC-8), Frank Corrigan <span dir="ltr"><<a href="mailto:email@franciscorrigan.com" target="_blank">email@franciscorrigan.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
The blog provider <a href="http://tumblr.com" target="_blank">tumblr.com</a> has introduced a very annoying override on<br>
it's httpS log-on page, when the log-in button is pressed a Security<br>
Warning pops up with:<br>
<br>
"Although this page is encrypted, the information you have entered is to<br>
be sent over an unencrypted connection and could easily be read by a<br>
third party.<br>
<br>
Are you sure you want to continue sending this information?"<br>
<br>
View screen capture:<br>
<a href="https://franciscorrigan.files.wordpress.com/2011/06/tumblr-https.png" target="_blank">https://franciscorrigan.files.wordpress.com/2011/06/tumblr-https.png</a><br>
<br>
I am not seeking technical help, just to alert list members to the<br>
subversion of https when entering passwords and usernames/email<br>
addresses. Which follows on from <a href="http://wordpress.com" target="_blank">wordpress.com</a> removal of the S in httpS<br>
for any https based url posted on a blog hosted under <a href="http://wordpress.com" target="_blank">wordpress.com</a>,<br>
when the posted httpS url is also a <a href="http://wordpress.com" target="_blank">wordpress.com</a> blog. (like the one<br>
above...)<br>
<br>
Frank<br>
<br>
_______________________________________________<br>
HTTPS-everywhere mailing list<br>
[snip]<a href="https://mail1.eff.org/mailman/listinfo/https-everywhere" target="_blank"></a><br>
</blockquote></div><br>--<br>Brian Drake<br><br>Alternate (slightly less secure) e-mail: <a href="mailto:brian@drakefamily.tk" target="_blank">brian@drakefamily.tk</a><br>Alternate (old) e-mail: <a href="mailto:brianriab@gmail.com" target="_blank">brianriab@gmail.com</a><br>
<br>Facebook profile: <a href="https://ssl.facebook.com/profile.php?id=100001669405117" target="_blank">Profile ID 100001669405117</a><br>
Twitter username: <a href="https://twitter.com/BrianJDrake" target="_blank">BrianJDrake</a><br>Wikimedia project username: <a href="https://secure.wikimedia.org/wikipedia/meta/wiki/User:Brianjd" target="_blank">Brianjd</a> (been inactive for a while)<br>
<br>All content created by me <a href="http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html" target="_blank">Copyright</a> © 2010–2011 Brian Drake. All rights reserved.<br>