Both secure and non-secure for me add "Portal_2" after the link.

They added the app names after the IDs a long time ago. It is how it should be.

Why would you need HTTPS for the store? You are not sending any personal information.

He is all about the secure web surfing.

Valve would be DOS attacking their own servers by switching to HTTPS.

HTTPS is unnecessary for the Steam store, puts unnecessary load on the network and machines.

Use a VPN with encryption if you are worried about this stuff. OO and if you are running Windows, that will have to go aswell. (That was my daily Linux propaganda, gotta promote the good OS at least once a day )

Publicado originalmente por Omega:

Valve would be DOS attacking their own servers by switching to HTTPS.

HTTPS is unnecessary for the Steam store, puts unnecessary load on the network and machines.

Use a VPN with encryption if you are worried about this stuff. OO and if you are running Windows, that will have to go aswell. (That was my daily Linux propaganda, gotta promote the good OS at least once a day )

That is 1990s thinking, HTTPS no longer has the impact it used to thanks to modern instruction sets, etc.
Using a "VPN" to buy games violates the SSA.
The entire Community forces HTTPS as of recently, and it hasn't slowed down.

The bug I was reporting is if you access the Store page without the app name, if using the HTTPS protocol it forgets to add it to the URL automatically.

All this stuff will have to be encrypted and decrypted. Even if the difference is only 2% (Which I think was the extra overhead caused by HTTPS over HTTP on a network at most) that 2% on such a scale is still a lot of extra electricity usage, with a service as large as Steam we can easily start talking about $50 000 a day or likely much, much more which they have to spend on electricity.

And all that for no gain, since like I said before; no personal data is being sent.


Using a VPN is only not allowed if you are using it to "disguise the place of your residence, whether to circumvent geographical restrictions on game content, to purchase at pricing not applicable to your geography, or for any other purpose."

"Any other purpose" means if you are running it for any other Steam related reasons. That is my interpretation at least.

Publicado originalmente por Omega:

All this stuff will have to be encrypted and decrypted. Even if the difference is only 2% (Which I think was the extra overhead caused by HTTPS over HTTP on a network at most) that 2% on such a scale is still a lot of extra electricity usage, with a service as large as Steam we can easily start talking about $50 000 a day or likely much, much more which they have to spend on electricity.

And all that for no gain, since like I said before; no personal data is being sent.


Using a VPN is only not allowed if you are using it to "disguise the place of your residence, whether to circumvent geographical restrictions on game content, to purchase at pricing not applicable to your geography, or for any other purpose."

"Any other purpose" means if you are running it for any other Steam related reasons. That is my interpretation at least.

You do know VPN only encrypts to the VPN provider, and cannot replace HTTPS, correct?
You do have sensitive information if you are logged on in the form of login cookies. Abd HTTPS also protects against redirection attacks.

Publicado originalmente por Crashed:

Publicado originalmente por Omega:

All this stuff will have to be encrypted and decrypted. Even if the difference is only 2% (Which I think was the extra overhead caused by HTTPS over HTTP on a network at most) that 2% on such a scale is still a lot of extra electricity usage, with a service as large as Steam we can easily start talking about $50 000 a day or likely much, much more which they have to spend on electricity.

And all that for no gain, since like I said before; no personal data is being sent.


Using a VPN is only not allowed if you are using it to "disguise the place of your residence, whether to circumvent geographical restrictions on game content, to purchase at pricing not applicable to your geography, or for any other purpose."

"Any other purpose" means if you are running it for any other Steam related reasons. That is my interpretation at least.

You do know VPN only encrypts to the VPN provider, and cannot replace HTTPS, correct?
You do have sensitive information if you are logged on in the form of login cookies. Abd HTTPS also protects against redirection attacks.

I know. And since you are not sending any personal data it doesn't matter, nobody is ever going to know it's your traffic going to the Steam store page.

Logging in and confirming login is likely done encrypted.

Everyone is slowly but surely phasing out http these days, chrome and firefox are changing it here and there to signify that it's not secure to encurage websites to change over: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
same with the US goverment: https://https.cio.gov/everything/

Publicado originalmente por Omega:

And all that for no gain, since like I said before; no personal data is being sent.

HTTPS is not just about security, it's also about the integrity of the data. Some bad ISP's, wifi hotspots, etc likes to change websites and inject their own trackers or ads and that might mess up the site, HTTPS prevents that from happening.

It's also about privacy to some extent, no need to let everyone between you and the server know what Steam pages you are looking at when https is avaliable.

Looks like https can be faster and cheaper if done right: https://istlsfastyet.com

There is a great website that explains all this stuff but unfortunatly Steam thinks it's a bad site because it has https in the name: doesmysiteneedhttps.com
So if you get a warning then don't worry. EDIT: looks like they fixed that.

Publicado originalmente por Omega:

Why would you need HTTPS for the store? You are not sending any personal information.

Some internet service providers inject ads or annoying messages into steam.
Example : https://i.imgur.com/orYJCFW.png
More : https://www.google.com/search?q=comcast+https+steam+inject

With steam using HTTPS for store, these injected ads shouldn't be a problem no more.

Publicado originalmente por ۷คг:

Publicado originalmente por Omega:

Why would you need HTTPS for the store? You are not sending any personal information.

Some internet service providers inject ads or annoying messages into steam.
Example : https://i.imgur.com/orYJCFW.png
More : https://www.google.com/search?q=comcast+https+steam+inject

With steam using HTTPS for store, these injected ads shouldn't be a problem no more.

Ok, that is a valid reason. I was unaware that some ISP inject crap in to your browsing activities.

Wouldn't it make MITM so much harder? Isn't this alone enough?

Publicado originalmente por Omega:

Publicado originalmente por ۷คг:

Some internet service providers inject ads or annoying messages into steam.
Example : https://i.imgur.com/orYJCFW.png
More : https://www.google.com/search?q=comcast+https+steam+inject

With steam using HTTPS for store, these injected ads shouldn't be a problem no more.

Ok, that is a valid reason. I was unaware that some ISP inject crap in to your browsing activities.

Also even though your login encrypts and hashes your password the cookies written as part of the process should be secured in order to prevent session hijacking.
The same method used to inject ads is also used by attackers to redirect users away from legitimate login/checkout pages and towards an active MITM.