I learned about Pandora.com a while ago and have become a frequent listener of their service on my iPhone.
Recently they came to the conclusion that they will charge .99 cent when you go over 40 hours of use in a given month. Not a bad deal really, and when I go over 40 hours I have no problem paying the 99 cents.
HOWEVER a friend of mine IM’d me about how their payment page isn’t SSL. So any information you pass over the wire is free to see. So I went to their page and confirmed the initial thinking.
You can see the URL here:
Obviously no SSL from that stand point. When you look at the rest of the page though, it indicates that this transaction is secure:
So which is it? Actually kind of both. If you look at the source code of the site you see that the flash is actually embedded via SSL (click for full size).
But then there is a lot of javascript and such on this page that it just makes me way to nervous to put my credit card number on their site, and really I wouldn’t recommend anybody does it. So I am taking this gripe public and I hope they make the simple change to their site to remove all doubt.
So now I have a bit of a frustration. I could play by the rules as my faith pretty much demands I do, or I could create multiple accounts. I guess I’ll leave that to you.. I’ll play by the rules. But if I wanted to get around it, I’d create multiple accounts. The problem with that is that you end up having to monitor multiple emails and such. BUT there is a pretty cool solution if you have a gMail account.
myname@gmail.com is the same as myname+pandora1@gmail.com which is the same as myname+pandora2@gmail.com. With gMail anything after the ‘+’ symbol is ignored. So it all goes to my sole myname@gmail.com account. Cool trick huh? I won’t call out the buddy that gave me that tip on this blog. He can comment if he wants credit, otherwise its our secret.