Surprised to see amazon here. Mmm. You know if I shop for stuff all of a sudden everyone seems to know. Every website will show me related ads. Now that I think of it..
Also all browsing, including your cart, is served over HTTP until you go to the checkout page. You can't browse over https even if you explicitly ask for it. They don't need to ask Amazon for data if they have a router between you and them.
One of the reasons why I believe GOOG moved toward defaulting to HTTPS is not for your security, but to ensure that only they have a copy of your browsing history, research interests, etc.
Once someone in the middle has a copy, the value of their trove of data falls precipitously.
I'm surprised as well that Amazon doesn't use HTTPS, they have a lot to gain by being the only one that knows you're interested in a particular book and not anyone else. It could help them get the sale instead of competitors relentlessly targeting ads against you as soon as you express an interest to their site.
Look at the address bar in your browser while on the site. No padlock icon. If you switch the URL to https://, you're redirected back to http://. You don't need any special tools.
