This is something that I have contacted the company about, but have yet to get a reply:

Unlike some other online retail sites, Amazon's sign-in page is unencrypted (ordinary http://...), which so far as I can see means that your password is sent in the open. However, if you click the "Continue (using secure server)" button without entering anything, you are taken to abother page which gives you an error message and invites you to sign in again. The difference here is that the page is secure (https://...) which means, I believe, that your log-in details will be encrypted when they are sent.

Why don't Amazon automatically connect you to the secure server before log-in?

hey, why don't every car out there have airbags everywhere?

maybe they just have some nifty reason for that..or are just unwilling to change it. and after all, why would it interest you (assuming you're not owner to Amazon.com in any way)?

Because if you decide to use Amazon it's your information that's being sent unencrypted.

Exactly.

So what I don't get is why they don't take a step that would improve their customers security while not presenting any significant technical difficulties that I can see.

In the meantime, I'll continue to annoy the server by clicking the button before entering my details.

yeah, I guess..anyway, there is a simple solution - don't be their customer. and eve if you were, then I don't think the help for the problem really lies here if I could do something about it, I probably would..is's Amazon that does, or then nobody. I guess the latter one.