Share
View previous topicGo downView next topic
Junior Member
Junior Member
Posts : 48
Join date : 2017-01-07
View user profile

HTTPS for this site?

on Sat 1 Apr - 7:46
Given the nature of this site, I think it's long overdue for mandatory https (SSL). Plain unencrypted communication is placing ks2016 users at risk. Does Forumactif support SSL and what does it take to make it happen?
avatar
Admin
Posts : 796
Join date : 2016-04-14
View user profilehttps://consanguinamory.wordpress.com

Re: HTTPS for this site?

on Sat 1 Apr - 14:34
Since we got this forum for free, I doubt it has that kind of feature. However, the server for this forum is located in France, which is a country in which consanguinamory isn't illegal. This was important for our security, as it means that the forum contents cannot just be subpoenaed by unfriendly governments. Add to that the private forum system we have set up here, we're as safe here as we are able to be. That said, we're already working on finding alternatives behind the scenes, KS as you know it will not be a permanent place, merely somewhere to stay until a better alternative is found.
Guest
Guest

Re: HTTPS for this site?

on Sat 1 Apr - 15:00
It may be legal here, but the French government has a bad but persisting habit to persecute anyone it deemed as having a "sectary" behavior. French people are even more obsessed by anything related to children than Americans. Since we are all big pervs beyond salvation (for common French folks), we having children like everybody else, is already suspicious. Not long ago, a vegan couple had his children taken forcefully by social service, for applying veganism was for them an act of willful endangerment. Though the child was no less healthy than others'.
Junior Member
Junior Member
Posts : 48
Join date : 2017-01-07
View user profile

Re: HTTPS for this site?

on Sat 1 Apr - 15:13
Hi, the risk is mainly on the user/client side. The network traffic can be easily monitored and captured since it's being sent in plain text. This capture could occur at the Internet service provider or at the client site. Worst case would be someone accessing KS at a restaurant or coffee shop with an open WiFi network. The amount of skill and determination required is surprisingly low.

I'll look into this and see if Forumactif supports SSL.
Guest
Guest

Re: HTTPS for this site?

on Sat 1 Apr - 15:26
Here, it's recent. But it's in French. http://forum.forumactif.com/t390029-certificat-ssl-guide-d-un-passage-reussi-du-forum-en-https
avatar
Admin
Posts : 456
Join date : 2016-04-15
View user profilehttp://marriage-equality.blogspot.com

Re: HTTPS for this site?

on Sat 1 Apr - 15:51
What about people using a VPN?
Junior Member
Junior Member
Posts : 48
Join date : 2017-01-07
View user profile

Re: HTTPS for this site?

on Sat 1 Apr - 16:05
VPN would mitigate the risk. But we shouldn't have to... It's not practical or realistic for the average user.
Guest
Guest

Re: HTTPS for this site?

on Sat 1 Apr - 22:14
VPN... Let's all dive into the Deep Web ! Seriously. Nothing more than what an ordinary browser can do without any further of computer science, will do.
avatar
Admin
Posts : 437
Join date : 2016-05-21
Location : is a secret
View user profile

Re: HTTPS for this site?

on Sun 2 Apr - 8:33
Unless I'm mistaken, VPN isn't 'deep web'. And most free ones aren't exactly good; if you aren't paying for a product, then the product is you! even that aside, most paid-for VPNs aren't immune to federal subpoenas... but if we ever attract that much ire, it may not be too important what we're using.
I agree archer, if possible, HTTPS would be great! but Jane is spot-on too. Make do with what you have, right?
Security is a gradient, you just have to pick which shade you feel comfortable with.
TOR Browser is... well, it's good but you still have to know a little for proper use. And it's not a cure-all either, it can't protect from a man-in-the-middle attack. HTTPS would make a MITM fairly difficult.
avatar
Newbie
Newbie
Posts : 14
Join date : 2017-04-01
View user profile

Re: HTTPS for this site?

on Sat 8 Apr - 2:16
I noticed the lack of HTTPS myself. It shouldn't be an issue of paying. It's basic net security protocol at this point. Anyone who doesn't have it is lazy or old fashioned.

As far as VPNs, I agree that only the for-pay ones are any good. I would quibble with the subpoena point though. I use the service I use specifically because they only track memberships and log-ons, not traffic behavior. Even if they were subpoenaed, they could only say that I'm a member, which they'd probably already know.

From that article Evanescente posted, it looks like we can request SSL protection for our forum. We should go ahead and do that. There's no reason for our web requests to be unencrypted.
avatar
Admin
Posts : 437
Join date : 2016-05-21
Location : is a secret
View user profile

Re: HTTPS for this site?

on Sat 8 Apr - 6:28
You're correct, there are some that don't retain user information. I should've mentioned that myself; thank you for doing so. If we can have SSL here without much ado, I don't see why not!
Junior Member
Junior Member
Posts : 48
Join date : 2017-01-07
View user profile

Re: HTTPS for this site?

on Fri 21 Apr - 21:33
The document linked above mentions something about spending 500 credits for 12 months of HTTPS. Wondering what these "credits" (translated from French) cost...
Sponsored content

Re: HTTPS for this site?

View previous topicBack to topView next topic
Permissions in this forum:
You cannot reply to topics in this forum