
How did online shopping work before the arrival of HTTPS? - TazeTSchnitzel
According to Wikipedia, SSL was first released by Netscape in 1995, the year after Amazon.com was founded. How did they ensure security without using HTTPS?
======
sirclueless
At the time, WiFi wasn't a thing. The internet backbone was provided by the
government, and man-in-the-middle attacks were basically theoretical so far as
I know. Basically you trusted your hardware and internet provider, and so long
as there weren't any devices connected (probably by ethernet) to your local
network there wasn't an obvious way to sniff traffic or carry out an attack.

The world is different now, with a whole bunch of potentially untrustworthy
ISPs and a lot of broadcasting over public or easily-crackable WiFi and mobile
networks. That's why SSL is absolutely critical now, but it wasn't at the
time.

~~~
TazeTSchnitzel
Ah, I see, makes sense. Those were the days when Microsoft hadn't learned how
to make a secure browser, after all.

------
wmf
IIRC there was quite a bit of paranoia about credit card numbers (although
that may have been created to sell SSL) and "call us to complete your order"
was a big thing.

------
bcRIPster
In short. They didn't. It wasn't about IE not making a secure browser, none of
them were secure in that regard. In 1995, almost all of the browsers were
based on the original NCSA Mosaic source code (even IE). Once security started
to become a concern and SSL was introduced, browsers immediately started
implementing the protocol.

At that time the issue of security revolved around the retailer keeping your
personal information secure.

------
Sealy
You would trust in the people working to set up online shops. After all, at
the time they were at the forefront of technology.

Back in those days, people were more paranoid about malicious pop up windows
rather than man in the middle attacks. You would be able to tell who's been on
the naughty adult sites as their computers would be full of malware :P

Back then, if I purchased things online, I would make a point of requesting a
new credit card every year or so for additional security.

~~~
bcRIPster
Lol, I still do this :P

------
memracom
I remember ordering books from the O'Reilly website back in around 1993 and
when I got to the payment part, the page asked me to email credit card details
to an O'Reilly email address. I did so and received my books a few days later.

