Is the lack of https reason enough to abort form submission?
Preamble: Am in awe about the quality of both questions and answers on https / SSL on this site. My humble question below pales in comparison.
Both on professional and amateur websites I've encountered the following phenomenon, when trying to contact - that is, write to - the website's owner:
Rather than providing a straightforward contact@us.com email address, a form will be offered instead. Usually this form requires submitting at least two fields: your email address and your message. - Personally, I much prefer plain email, as this feels safer and more secure. If the form itself is both presented and submitted in https, I might be more willing to submit (true, non-fake) data.
Now I've come across a careers portal used by a number of companies which confronts applicant with a form in *.aspx and standard http (not https). The former already makes me uncomfortable, as I (wrongly?) perceive *.aspx to be an old/outdated Microsoft language. The latter, however, is the ultimate trust-breaker for me (lack of https).
This form asks applicants to submit personal details and to upload their CV as *.pdf.
My assessment of the careers portal: no evil intent but not up to scratch regarding internet security and (protection of) data privacy.
My question:
- Is the lack of
httpsreason enough to abort form submission?
Corollary:
- Would you consider private data submitted via said form to be effectively "public"? Only because someone (with evil intent) could have intercepted the unencrypted form submission, does this already mean that someone actually has?
