by whatthetel 2016-09-24, 9:52 am
The point of a dot tel is to share and transfer data freely, in this usage case https is not needed as there is no need to secure anything on the front end if you use dot tel like this.
The reason why Telnic don't use it is because they're obsessive about "page loading times" (hence the low-quality template's), adding https slows the page loading down and they wanted to market tel as "faster than any other site/service for retrieving contact data".
Though you can have private data, and if you do have private data stored in the dot tel when viewing it you should be in https, but I believe you're redirected to another proxy section / service that renders the contact data in https? http://telfriends.tel/login_input.action ?
The only reason you'd need https to cover the whole proxy is to prevent someone knowing what you did on a tel? if you clicked a link? called a number? as they can still see you visited a dot tel site if you use https, and as there is not much contact data on one someone would have to assume you clicked on something to contact them, so I don't think https would make much difference on a low content site.
However, can https prevent someone changing the contact data as it's in transit to your browser or mobile device? so you dont end up calling an injected premium number when you actually wanted to call someone else?
In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM or MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.The internet says this assumption is wrong,
https://www.linkedin.com/pulse/does-https-prevent-man-middle-attacks-eric-diehlThe only reason we'd need https is to protect google rankings and ensure people visit the dot tel to contact us, as they would be conditioned to avoid non-https by google and other search engines / browsers.
So you're right it should be implemented, as should google, email, or sms 2-factor authentication for the telhosting as these tel domains are supposed to hold important contact data why are the telhosting logins not protected fully from hacks?