For private cloud based Brains, whilst the Cloud logon page is SSL secure via https am I correct in assuming that once a connection is made and a private Brain opened, the internet traffic/data back and forth is completely unencrypted over the internet as it takes place on a basic unencrypted HTTP connection.
To quote from Wikipedia today:-
“A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance.”
”On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS, the user and the session will get exposed.”
Surely comprehensive SSL connections are essential for private Brain access if there is sensitive information and in order to comply with Data Protection legislation in various countries. Your Press Release on 7 May 2013 refers to "online secure cloud services" which implies the service can be used for sensitive information and if the above is correct does appear to be misleading.
If the internet traffic is unencrypted and SSL or HTTPS connections are the only way to properly secure data, either TheBrain team need to make this very clear and transparent to existing users and new customers on the website or to very quickly dig into your pockets and implement SSL connections across all cloud service connections.
Whilst I do love TheBrain software and the recent enhancements to Cloud services I will not feel comfortable accessing private Brains containing sensitive information online until this situation is clarified/remedied.