Unencrypted content: a threat to Google’s business model

Google’s recent announcement to give a (currently still small) ranking boost to websites using HTTPS is undoubtedly going to make the web safer for everyone.

Missing from the discussion is the fact that unencrypted content and unscrupulous ISPs present a small, but growing threat to Google’s business model. Google depends on ad revenue, and insecure connections allow third parties to tamper with data while in transit. ISPs can use this to their advantage by injecting their own ads. This is already happening: see here or here and this topic on reddit. It was also briefly mentioned in one of the comments under the original “ranking boost” announcement:

HTTPS ads comment google

HTTPS ensures data integrity and would make ad injection not only technically far more difficult, but also most certainly illegal. This also explains why Google says that even simple “content sites” should use HTTPS: they might not collect any user data, but they can still serve ads.

Being a good citizen of the web” and making the web safer for everyone sounds nice and is certainly something many people working at Google have in mind. However, it would be naive to assume that Google isn’t also looking out for it’s own commercial interests.

eFax reviews and alternatives

eFax reviews make “Hotel California” look good

Before signing up with eFax, do yourself a favor and read the reviews on websites like epions.com, yelp.com or viewpoints.com.

From my own experience I can confirm that it is difficult to cancel your account with eFax. You also have to be careful if they offer you a more reasonable rate: In my case this rate reverted back to the original rate after 4 months. The customer service representative admitted that “he didn’t know about this” and offered to reactivate the cheaper rate for another four months. At this point I asked him to cancel my account instead, which he pretended to do after asking for my PIN. Unfortunately, eFax kept charging me and when I complained by email, I was told that my account had never been cancelled and that I had to call them again (which I just did). This time I had a witness listening to the conversation and wrote down the name of the person I talked to (she essentially refused to give me her last name, claiming there was only one person with her first name working there). If they still keep billing me I’ll simply ask my bank to do a chargeback.

I’d also like to point out that eFax sends you every received fax by email (as an attachment, in addition to letting you download it through the message center). While this is certainly convenient, it may be a serious security risk if a fax contains sensitive data. Unencrypted emails are about as secure as a postcard. Some people prefer to send a fax precisely because they do not want to send an (unencrypted) email. Having eFax transform faxes into an emails is not a good practice.

eFax alternatives

There are a lot of companies offering similar (or even better) services for fax sending and receiving. I eventually signed up with PamFax not only because they were cheaper, but mostly because they make it very easy to cancel your account. They also never send the actual fax by email, you only get a notification and then download the fax over a secure connection (SSL)  Your fax is now sent as an attachment, though you can change this under Account>Notifications1. PamFax allows you to integrate your account with Skype, Facebook, Salesforce, Box.net, Dropbox and Google Docs (to varying extents) and their modern website makes eFax look really dated.

Finding reviews for Pamfax was a bit difficult. There are a few confusing reviews in the Skype apps shop. As the service is run by a German company, you can also find some user reviews in German on heise.de (currently 8 reviews with an average of 4 stars out of 6).

Personally, I’m very satisfied with PamFax so far.

Another online fax service I found was PopFax. If you know any other eFax alternatives, please leave a comment.

Here’s another option: If you own a Fritz!Box, that might be all you need to receive and send faxes. However, I found that the integrated Fritz!Box fax was clearly less reliable than an actual fax machine.

Update October 2nd, 2012: HelloFax.com is one more alternative I just found (didn’t try it out though, still very satisfied with PamFax).

Update January 16th, 2013: Simple-Fax.de is yet another service (apparently only available in German). 1I’ve also updated the description for PamFax above.

Do you want to view only the webpage content that was delivered securely?

Does Internet Explorer annoy you with this security warning?

Do you want to view only the webpage content that was delivered securely?

This message appears when you’re using a secure connection (https://) and the website is trying to load non-secure (http://) elements, too. The culprit was easy enough to find (using HttpWatch or similar tools):

HttpWatch sniffer results

What made this case unusual is that it wasn’t a server-side problem. Instead, the DivX HiQ plugin + Web Player Beta installed on the client’s machine was causing the issue on every single secure page. The warnings disappeared after uninstalling DivX HiQ (disabling the plugin should work, too):

Uninstalling DivX Web Player Beta

So, if Internet Explorer is suddenly giving you these warnings, check if you’ve recently installed DivX.