+- PINE64 (https://forum.pine64.org)
+-- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=1)
+--- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=74)
+--- Thread: Why is this site not encrypted? (/showthread.php?tid=12052)
Why is this site not encrypted? - Cthululz - 11-06-2020
Who has an HTTP site in 2020? Especially one that asks for a user signup/login?
Let's Encrypt is FREE.
RE: Why is this site not encrypted? - evilbunny - 11-06-2020
(11-06-2020, 03:32 PM)Cthululz Wrote: Who has an HTTP site in 2020? Especially one that asks for a user signup/login?
Let's Encrypt is FREE.
What's not encrypted?
RE: Why is this site not encrypted? - KC9UDX - 11-07-2020
It is encrypted, even though we don't actually need it. If you have something detrimental in your account here, you're doing something wrong.
If you want to talk 2020, no one uses forum sites, we should be video conferencing.
RE: Why is this site not encrypted? - LinAdmin2 - 11-07-2020
(11-06-2020, 08:20 PM)evilbunny Wrote:Even evil mods should be able to find out that this forum, when accessed via http, does not automagically redirect to https?(11-06-2020, 03:32 PM)Cthululz Wrote: Who has an HTTP site in 2020? Especially one that asks for a user signup/login?
Let's Encrypt is FREE.
What's not encrypted?
RE: Why is this site not encrypted? - evilbunny - 11-07-2020
(11-07-2020, 06:43 AM)LinAdmin2 Wrote: Even evil mods should be able to find out that this forum, when accessed via http, does not automagically redirect to https?
Smart users use add-ons to force https where possible.
RE: Why is this site not encrypted? - LinAdmin2 - 11-07-2020
(11-07-2020, 07:01 AM)evilbunny Wrote:Politeness forbids me to tell what actions non evil, but smart mods would take...(11-07-2020, 06:43 AM)LinAdmin2 Wrote: Even evil mods should be able to find out that this forum, when accessed via http, does not automagically redirect to https?
Smart users use add-ons to force https where possible.
RE: Why is this site not encrypted? - KC9UDX - 11-07-2020
Automatically redirecting makes things a real pain for people who don't use it. Sites that use good old http the way the www was meant to be, are a godsend to some of us who don't like to use bloatware, or who don't have unlimited data.
This isn't a banking site, I'm pretty sure.
RE: Why is this site not encrypted? - vurpo - 11-07-2020
Whether or not this is a banking website or not is irrelevant to whether or not HTTPS is useful. Any website served over HTTP is subject to injection of malicious stuff like ads, cryptominers, drive-by attacks, phishing, or worse, whether it is your bank's website or a website with nothing but a GIF of a dancing cat on it. This is not just hypothetical, this is actually happening in the wild in the real world.
RE: Why is this site not encrypted? - LinAdmin2 - 11-07-2020
(11-07-2020, 08:45 AM)KC9UDX Wrote: Automatically redirecting makes things a real pain for people who don't use it. Sites that use good old http the way the www was meant to be, are a godsend to some of us who don't like to use bloatware, or who don't have unlimited data.Please explain how automatic redirextion makes things a real pain?
I can see this only for silly users not capable to do httpS.
RE: Why is this site not encrypted? - KC9UDX - 11-07-2020
(11-07-2020, 04:18 PM)LinAdmin2 Wrote:Because not everyone wants to or even can use modern encryption. Use it if you want to, don't automatically redirect the rest of us. Why do you need automatic redirection to do something you want to do? Maybe we need a government mandate to force everyone to use HTTPS.(11-07-2020, 08:45 AM)KC9UDX Wrote: Automatically redirecting makes things a real pain for people who don't use it. Sites that use good old http the way the www was meant to be, are a godsend to some of us who don't like to use bloatware, or who don't have unlimited data.Please explain how automatic redirextion makes things a real pain?
I can see this only for silly users not capable to do httpS.
Just because I choose to use a 50MHz computer that gets the job done better than a 5GHz one except for modern 768 bit web site encryption doesn't make me silly. Just because I have a very limited data plan or slow connection doesn't make me silly. What's silly is demanding that everyone else do what the majority believes is the only proper way to do something.
The only emi-legitimate reaon to want automatic redirection i becaue the S key doen't work and omeone i too lazy to ue a "bookmark".
(11-07-2020, 01:54 PM)vurpo Wrote: Whether or not this is a banking website or not is irrelevant to whether or not HTTPS is useful. Any website served over HTTP is subject to injection of malicious stuff like ads, cryptominers, drive-by attacks, phishing, or worse, whether it is your bank's website or a website with nothing but a GIF of a dancing cat on it. This is not just hypothetical, this is actually happening in the wild in the real world.So use HTTPS. I'll take my chances and suffer the consequences.