• Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Register
  • Login
Suunto app Forum Suunto Community Forum
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Register
  • Login

No SSL encryption Movescount.com?

Scheduled Pinned Locked Moved Digital service transition
6 Posts 3 Posters 485 Views 3 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C Offline
    ChubbyCrusher
    last edited by ChubbyCrusher 3 Sept 2020, 17:20 9 Mar 2020, 17:19

    I bought a Traverse maybe a year back and started down the road of trying to use SA. That hasn’t panned out as it seems the Traverse is not going to be really supported by SA. So a month or so back I decided I would try to use Movescount for a trip I had to Europe where I wanted to plan some routes. Anyway, after a few initials issues, I managed to get Movescount working on my Pixel 4 and started syncing a few activities. Anyway, I haven’t been using the site much, but today I wanted to check out the tracks from a ski tour I did this last weekend, and I see that Chrome is telling me Movescount.com isn’t using SSL. Is this true? I mean I have personal data and location data on the site, so it needs to use SSL. Also, was this change recent or did I just not notice it the few times I’ve used the site? I just emailed support, but someone please tell me this is user error and I’m just misunderstanding what’s going on. The is really the only option I have left to use this watch and I can’t use it without SSL.

    ssl.png

    Rob

    1 Reply Last reply Reply Quote 0
    • I Offline
      isazi Moderator
      last edited by 9 Mar 2020, 17:25

      The sign in seems to use SSL, the rest may be not for what I can see from outside. Disclaimer: never used MC, don’t have an account.

      Watch: Suunto Vertical Ti

      Blog: isazi's home

      1 Reply Last reply Reply Quote 0
      • C Offline
        ChubbyCrusher
        last edited by ChubbyCrusher 3 Sept 2020, 17:32 9 Mar 2020, 17:32

        Yes, it does use SSL for login, but it’s really poor security practice to have the main site with personal data not use SSL. Even if there is no form input, an attacker could inject code to that site to trick a user into input information and GPX files being downloaded without SSL means there is personal location data being moved int clear text. Anyway, thought I’d ask. I’m pulling all my data off the site now.

        1 Reply Last reply Reply Quote 0
        • C Offline
          ChubbyCrusher
          last edited by 9 Mar 2020, 18:27

          I verified that when downloading your GPX/FIT/other formats, files they are sent over HTTP as well:

          downloadNotSSL.png

          Anyway, I deleted all my moves and called support and asked them to delete my account. This is a big issue and your files can easily be sniffed using freely available open source tools. At the very least, don’t access this site on any kind of public wifi. Your data is in the open.

          1 Reply Last reply Reply Quote 2
          • D Offline
            Dimitrios Kanellopoulos Community Manager
            last edited by 10 Mar 2020, 08:06

            Movescount is going away so I suppose this will be solved in a way.

            Community Manager / Admin @Suunto
            Creator of Quantified-Self.io
            youtube.com/c/dimitrioskanellopoulos
            https://instagram.com/dimitrioskanellopoulos
            https://www.strava.com/athletes/7586105

            1 Reply Last reply Reply Quote 0
            • C Offline
              ChubbyCrusher
              last edited by 10 Mar 2020, 14:46

              Yeah I guess so, but in the meantime I have no good solution to use my Traverse. Personally, I’m not ok with my precise location data being exposed. A lot of my day rides start from my house, so that’s my exact home location. I’m surprised that Suunto is willing to take the risk of a major data breach on like this. I’m sure there’s some kind of regulations in various countries that they are not compliant with. Oh well, it is what it is. I’m crossing my fingers on routes and POIs using SA. I could be satisfied if I had those. 🙂

              1 Reply Last reply Reply Quote 5
              5 out of 6
              • First post
                5/6
                Last post

              Suunto Terms | Privacy Policy

                This community forum collects and processes your personal information.
                consent.not_received