Install „HTTPS Everywhere“ and force HTTPS on all your Smugmug urls to enjoy secured browsing while being logged in 🙂
Recently I was doing a road trip through the west of the USA. During this trip, we stayed at many different motels. I used those motels' WiFi to upload our photos to Smugmug (using SnugUp btw, a great tool! http://www.snugupapp.com/).
I quickly noticed that most of the motels' WiFi networks are not secured/encrypted at all. And while browsing my uploaded photos I quickly noticed that Smugmug didn't use HTTPS at all. Well, it does for your login, which is great. But after that, you are stuck on unsecured HTTP. Which will of course transmit your session cookie, too. Which can be sniffed by everyone else who is signed in to the same unsecured WiFi.
So, what do you do first? Simply add https:// in front of the URL. And TADAAAA, it works 🙂 Awesome, I thought, at first, but then I clicked on an image (or any other link) and, whoops, we are back to the insecure HTTP connection…
So, all the sites on smugmug.com support HTTPS but all the links link to HTTP.
So what can we do about this? I quickly thought about a Chrome extension. There had to be a Chrome extension that forces a site to use https:// instead of http://. And yes! There is!
I installed „HTTPS Everywhere“ and it does exactly what we need here!
So, you can download/install it from the Chrome webstore directly via this link: https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=de&utm_source=chrome-ntp-launcher
After installing it and restarting Chrome (maybe reloading the website also works), you will quickly notice a new icon on the right of your address bar:
Once you click it, it will try to replace every occurrence of http:// URLs that it finds on this domain with the corresponding https:// URL. It will show the following dialog to set this up.
After adding the site rule and reloading the smugmug website, you will notice that it automatically loads the HTTPS secured version 🙂
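To make the idea of such a site rule concrete, here is a small added example (not code from HTTPS Everywhere or from the original post) that models the rewrite in plain JavaScript. The function names and the sample markup, including the `photos.smugmug.com` hostname, are assumptions made up for illustration.

```javascript
// Simplified model of a per-site "force HTTPS" rule.
// Hypothetical helper names; this is not the extension's implementation.

// True if host is the rule's domain or a subdomain of it.
// Matching on a dot boundary keeps "notsmugmug.com" from matching "smugmug.com".
function hostMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Upgrade one URL to https:// when it is plain HTTP on a covered domain.
// Everything else (other sites, already HTTPS, relative, malformed) is returned unchanged.
function forceHttps(rawUrl, domains) {
  let url;
  try {
    url = new URL(rawUrl); // real parser, so "user@host" tricks resolve to the true host
  } catch (e) {
    return rawUrl; // relative or malformed: leave it alone
  }
  if (url.protocol !== "http:") return rawUrl;
  if (!domains.some((d) => hostMatches(url.hostname, d))) return rawUrl;
  // An explicit non-default port will not necessarily speak TLS; skip it.
  if (url.port !== "") return rawUrl;
  url.protocol = "https:";
  return url.href;
}

// Rewrite every href/src attribute value in an HTML fragment.
function upgradeLinks(html, domains) {
  return html.replace(
    /\b(href|src)=(["'])(.*?)\2/gi,
    (match, attr, quote, value) =>
      `${attr}=${quote}${forceHttps(value, domains)}${quote}`
  );
}

// Constructed sample markup: two links on the covered site, one look-alike host.
const SAMPLE =
  '<a href="http://www.smugmug.com/gallery/1">a</a>' +
  '<img src="http://photos.smugmug.com/i-1.jpg">' +
  '<a href="http://notsmugmug.com/">b</a>';

console.log(upgradeLinks(SAMPLE, ["smugmug.com"]));
```

Only the first two links come out as https://; the look-alike host is left untouched because the match is done on the parsed hostname, not on a substring of the URL.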
PS: I didn’t find anything in the Terms of Service that prohibits forcing HTTPS…