MyFitnessPal doesn’t use HTTPS

HTTP Shaming — MyFitnessPal does not protect your health…
MyFitnessPal does not protect your health information with HTTPS MyFitnessPal is a service that tracks your food intake, daily activity and exercise, and body measurements such as weight. Of course,…

When logged into MyFitnessPal, all of the pages transmit over insecure HTTP. Everything you eat, your body measurements, your daily activity, and any activity imported from third party services are all transmitted insecurely over HTTP. If you’re on a public wi-fi network, anyone can easily intercept this private health information.

Even worse, if you manually change the logged-in URL from insecure HTTP to secure HTTPS, MyFitnessPal forces you back onto insecure HTTP.


Ew. Guess it’s time to switch to Lose It! then…

P.S. HTTP Shaming is full of some pretty surprising — and utterly heinous — behavior from companies & organizations that should know better.