Xdev magazine ... buying not secure

It seems buying the Xdev magazine isn’t secure.
In fact, Gumroad is a terrible choice to use as a payment service. It is pretty well known to be using un secure payments in the past.

Any way to buy Xdev with a secured payment link?

Not a direct answer to your question, but alternatively consider the 2018 Omgabundle which is more expensive but gives you access to a great volume of stuff in addition to xDev access.

Odd, my checkout experience looks nothing like yous, maybe its been fixed already.

It’s just harder to find the Gumroad thing - I had the same experience you did, Julian. If you click one of the single issues a little lower on the page you can buy them individually from Gumroad and see what Christoph posted.

I’m dead shocked that there isn’t even a https option (try it, no response). I sent this thread link to the feedback email address so hopefully someone at Xdev sees this and corrects the issue.

I see a “pay with Paypal” button at right-down. That directs you to Paypal payment gateway (for a single number also). Is that not secure for you?

Ah didn’t see that down there, cheers. The POST goes to a secure URL (https://gumroad.com/purchases) so its technically secure but it doesn’t show it where most people will look which is a bit icky. It certainly would raise concerns if I were asking to input card details there.

Lack of SSL these days is just bad practice IMHO as you’re also losing out on preferential rankings from search engines. It’s so trivial to route the site via something like CloudFlare to get free SSL or to pick up a super cheap certificate.

Did you try? That will not buy you a single issue.

About Gumroad:
They have a very bad reputation in general. Just watch their website and take a peek at the ‘references’ … 99.99% fake (and funny too).

Anyhow, if Xdev cannot be bought secure (for single issues) … I pass …

Safari displays “Website Not Secure” on all http sites now. Nothing has actually changed. Whether the payment processing part of the site is secure is another question.

Not directly on how to fix the issue, but there are some credit cards that let you create a one-time use number with X limit and expiration date. If you want to be safe, maybe one of your cards have that feature.

I’dont see an issue http://www.xdevmag.com/ is unsecure because you enter there no information, then when paying in Paypal you are under secure Paypal site. I get the paypal form from any purchase in http://www.xdevmag.com/ Yes, for single issues also.

Hi Folks!

The xDev website itself (http://www.xdevmag.com) isn’t HTTPS, but when you go to a payment page to enter your payment information it is on a secure server. I don’t see why that’s a problem. It’s been this way for years.

I use Gumroad as they offer instant delivery of electronic items, but you can also buy subscriptions or individual issues via my own credit card processing service (via the AmeriCommerce shopping cart software) which is also secure.

Another option is to pay directly via PayPal (send funds to my email, publisher@xdevmag.com, and tell me what you’re buying).

You could really ask your provider for an SSL certificate and change all links to order pages to go on the https url.

Does cost you nothing (if your provider is “fair”).


Stripe will close your account if you do that, even when using their JS/iframe solution - your site must be served over https.

Don’t forget you can get free SSL certs through Let’s Encrypt Personally I found the tools and instructions on their site to be a bit hard to understand, so I use a third party tool getSSL

Not having a site use SSL is not excusable nowadays… (plus all the major browser makers are going to be flagging HTTP only sites as insecure in the near future, so that’ll look bad to the end users)

I guess I could, but what would that accomplish?

Nothing would change — no user information is ever entered on my site, only on the HTTPS connection of the third-party processor. Since that’s secure, why does my site need it?

Just because the browsers now say that your site is not secure (that’s enough for some users to not visit/buy something):

Technically, arguably nothing. But if / when browsers start flagging sites which are NOT using HTTPS, you could have a perception issue. And we all know perception is reality, at least for many folks. It may also affect search engine rankings, which could equate to a more tangible reason to do it.

It’s a perception thing, the major browsers will flag your site as insecure and I seem to recall reading that a future version of Chrome will refuse to display a web page over HTTP until the user has actually clicked a button to say that they accept that the site (to which they cannot see) is insecure.

But like you say, it’s not that the site is insecure at all, it’s simply to reduce man-in-the-middle attacks. A better solution to this “problem” would be to sign each page, image and movie and have the browser verify the signing (like application code signing), then man-in-the-middle become irrelevant and there’s a way to ensure that the web content actually comes the company or individual.

After all SSL does nothing if your server gets hacked and files are replaced with “MacKeeper”.