Please use HTTPS to secure the private Contact Form.

  • 9
  • Idea
  • Updated 3 years ago
  • (Edited)
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Old thread

This contact page:  http://www.imdb.com/helpdesk/contact_form
says that its contact form "... should only be only to ask questions or report issues
which are not suitable for posting in a public forum (e.g. issues
regarding your account or data, or anything where you need to include personal information such as your email address or other personal details)."
  [Emphasis added.]

IINM, the page and links thereto, and the contact form itself, are not secured with HTTPS?  Why not?  These days, any page or contact form that invites submission of confidential information should preferably use a secure connection, right?

Suggestions:

(1)  Please serve that page via HTTPS
(i.e., at the same URL but with https:// instead of http:// ),  and

(2) Set up an automatic redirect from the http:// URL to the https:// URL
(so that all existing http:// links to the page can simply remain unchanged).
.
Photo of (closed account)

(closed account)

  • 379 Posts
  • 430 Reply Likes

Posted 5 years ago

  • 9
Photo of Dan Dassow

Dan Dassow, Champion

  • 13115 Posts
  • 13365 Reply Likes
Lucus,

I fully endorse your suggestion.

I did not notice that the help desk form did not use the encrypted HTTPS protocol for personal data. I'm surprised that no one else has suggest this before.
(Edited)
Photo of Kay

Kay

  • 12 Posts
  • 1 Reply Like
+1
Photo of (closed account)

(closed account)

  • 379 Posts
  • 430 Reply Likes
Addendum:
I wish to amend part (2) of my suggestion above.
Instead of relying on an HTTP-to-HTTPS redirect, instead if possible
please modify all links to the contact page to use HTTPS without a redirect.

(I should also note that I'm not a security expert, and
I hope I never sound as if I were pretending to be one.)
(Edited)
Photo of (closed account)

(closed account)

  • 379 Posts
  • 430 Reply Likes
In another thread today, employee Henry C. wrote:
> "For issues related to individual/specific account, please contact our customer service staff directly at http://www.imdb.com/helpdesk/contact_form -- for obvious reasons, we can't provide assistance or responses related to individual accounts on a public forum. ..."

I won't post here in this thread again, so, for the final time:
Please consider securing that contact form with HTTPS.  Thanks!!
(Edited)
Photo of DavidAH_Ca

DavidAH_Ca, Champion

  • 3261 Posts
  • 2917 Reply Likes
I 'liked' this suggestion.

For many, possibly even most of the traffic, the security provided by HTTPS is not necessary (e.g. correcting News Item links); however, enough contacts contain sensitive data that the security should be there.
Photo of Nobody

Nobody

  • 1455 Posts
  • 706 Reply Likes
Thanks, David.
Photo of Nobody

Nobody

  • 1455 Posts
  • 706 Reply Likes
HTTPS support is apparently forthcoming:
When I tried to use HTTPS URLs to access some IMDb pages, I saw a message that said IMDb "hope[s] to launch SSL (actually now TLS) access to all pages on IMDb in the very near future."
Photo of Nobody

Nobody

  • 1455 Posts
  • 706 Reply Likes
(Note:  I'm the original poster of this thread.)

The topic came up peripherally in another discussion today (my fault).  So instead of discussing it there, I'm bumping this old thread -- because I believe the topic deserves to be publicly spotlighted occasionally (annually) until IMDb implements HTTPS on private contact pages.
Photo of Nobody

Nobody

  • 1455 Posts
  • 706 Reply Likes
I'm bumping this again because I was reminded of the topic today, when Michelle asked someone to submit highly confidential information through the "private" contact form.  IMDb, please use HTTPS to help secure the privacy of that contact form.  (I promise not to bump this thread again.)
Photo of Dan Dassow

Dan Dassow, Champion

  • 13104 Posts
  • 13313 Reply Likes
... and it is time for to click like again.

This conversation is no longer open for comments or replies.