When logged into MyFitnessPal, all of the pages transmit over insecure HTTP. Everything you eat, your body measurements, your daily activity, and any activity imported from third party services are all transmitted insecurely over HTTP. If you’re on a public wi-fi network, anyone can easily intercept this private health information.

Even worse, if you manually change the logged-in URL from insecure HTTP to secure HTTPS, MyFitnessPal forces you back onto insecure HTTP.


Ew. Guess it’s time to switch to Lose It! then…

P.S. HTTP Shaming is full of some pretty surprising — and utterly heinous — behavior from companies & organizations that should know better.