Amazon redirecting to HTTP

For the past couple of weeks, and have redirected me to Region-specific sites like still work fine. There is probably no MITM attacker, since the secure page is performing the redirect, so a MITM would have to have a valid certificate for, and if so he would presumably not add a redirect.

Questions for Amazon:

  • What the hell?
  • Why does your site work at all without HTTPS?
  • How am I going to buy things now?

It’s 2014, and this is unacceptable for an e-commerce site, plain and simple. Repent by implementing HSTS.