1. What does SSTB mean? See our glossary of acronyms.
    Dismiss Notice

Switching FC to full-HTTPS

Discussion in 'Community Discussion' started by KeroZen, Sep 5, 2016.

?

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  1. Yay!

    67 vote(s)
    87.0%
  2. Nay!

    1 vote(s)
    1.3%
  3. I'm clueless

    9 vote(s)
    11.7%
  1. KeroZen

    KeroZen Chronic vapaholic

    Messages:
    1,902
    Location:
    On Air
    I would like to discuss the idea of switching this site to full HTTPS operation mode.

    I think this is preferable, for a lot of reasons, but mostly privacy concerns. At the very minimum, it would encrypt the URLs you visit, which are currently visible in plain text by your ISP and anyone between them and the FC server. Those URLs often contain keywords that you might not necessarily like being associated to you etc.

    Also, Google has made it clear that it's the way to go and started ranking lower in their results all sites that are not using the protocol we're talking about. Not that we need any search optimization, but still it's the global trend to make that move to HTTPS.

    There are drawbacks though, the first that comes to mind but that has been debunked would be increased server resources consumption, but it's also not trivial and easier said than done...

    Now it's time to express your opinion!
     
  2. syrupy

    syrupy Authorized Buyer

    Messages:
    2,487
    I'm all for it. Also, there's the DNS issue--that even if ISPs can't read the content of the stream because of HTTPS, they can tell that a customer has been going to fc.com. For the tinfoil hat crowd, one workaround is to use a host file manager to hard code the DNS-- fc.com = 107.161.26.191. :ninja: :tinfoil:
     
    Last edited: Sep 5, 2016
    Vapor_Eyes, Maitri and KeroZen like this.
  3. syrupy

    syrupy Authorized Buyer

    Messages:
    2,487
  4. Senor Diesel

    Senor Diesel Member

    Messages:
    36
    As the owner of another large forum, I highly recommend utilizing SSL.
     
    Vapor_Eyes, j-bug and KeroZen like this.
  5. KeroZen

    KeroZen Chronic vapaholic

    Messages:
    1,902
    Location:
    On Air
  6. Dustydurban

    Dustydurban New Member

    Messages:
    6
    Location:
    In the Bushes
    If you are a really paranoid member you could use the TOR browser
     
    Vapor_Eyes and banana_republic like this.
  7. syrupy

    syrupy Authorized Buyer

    Messages:
    2,487
  8. Concupiscient

    Concupiscient Well-Known Member

    Messages:
    141
    Location:
    NOW
    Still under consideration?

    Anyone use a tor browser? Explain it?
    And last, what is SSL?
     
  9. syrupy

    syrupy Authorized Buyer

    Messages:
    2,487
    I don't know that it was ever under consideration, except by posters in this thread.

    SSL basics are covered in post #3.
     
    Concupiscient likes this.
  10. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    Vapor_Eyes, grokit and Concupiscient like this.
  11. Concupiscient

    Concupiscient Well-Known Member

    Messages:
    141
    Location:
    NOW
    I see ... but don't ...

    Tails/tour stuff fascinating ... an off-topic topic?
     
  12. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    Sorry, was kind of running around FC at the time.

    That Wired article is saying that getting a tor browser IMMEDIATELY puts you on a special list with the NSA. (You asked about it in a previous post)

    So, if what we were shooting for as a goal on this thread was the best security while staying off of LEO's radar, etc...

    Simply https would be great imo. Going with tor, etc. says "I am hiding something, so please come look at me" - so says govvie-gov themselves.

    :tup:

    Peace!
     
  13. Concupiscient

    Concupiscient Well-Known Member

    Messages:
    141
    Location:
    NOW
    Looks like I got on that list just by searching & reading ... REALLY? ... TBD in another topic?
     
    OldOyler likes this.
  14. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    I went ahead and starting talking all sorts of sh*t about the govt years ago with one of my (grown) sons. Stuff that has to be absolutely intolerable to the truly erudite.

    If I'm going to be on a list, well I want to make it a goodie!

    :tup:

    Look, we can protect ourselves to a reasonable degree with https, and that's why I shot a post over here, along with my vote.

    Peace!
     
    Vapor_Eyes and Concupiscient like this.
  15. damm

    damm Well-Known Member

    Messages:
    295
    Location:
    Pacific Northwest
    I think we need to first have FC support SSL then we could force people over. But 443 is closed so that would need to be addressed first.

    Would like to see SSL of course.
     
    Vapor_Eyes and OldOyler like this.
  16. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    I agree damm it is an all or nothing deal.

    I mean, no good for me to talk TO someone in a pm securely if THEY won't be reading it in https mode.

    Peace!
     
    Vapor_Eyes likes this.
  17. damm

    damm Well-Known Member

    Messages:
    295
    Location:
    Pacific Northwest
    Doesn't have to all or nothing at first. Sure everyone demands HTTPS because of the NSA but if you are truly worried you could be using TOR.

    SSH tunnel from an ec2 instance as your http proxy works great too. We do need to own our own security instead of expecting other people to provide it.
     
  18. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    Agreed. I just thought I was digressing from the tread topic, sorry!

    Yeah, I think that each person has to choose their risk, and heck whether to even face it in the first place.

    I do hope FC implements general site-wide SSL.

    Peace all!
     
    KeroZen likes this.
  19. hibeam

    hibeam alpha +

    Messages:
    126
    Location:
    Brave New World
    TOR always gobbled my resources so I suspected RAM and bandwidth pirating at the least. Actually these days I am more concerned about all the free content I give forums when other posters are getting paid for theirs. I miss the days before complete commodification of online content, when people gave info out of sheer generosity.
     
  20. hibeam

    hibeam alpha +

    Messages:
    126
    Location:
    Brave New World
    Yikes....what a gauche comment I made last night. I hope it helps to say FC is excluded from my concerns and then to apologize for the highjacking. Sorry!
     
    6079Smith and OldOyler like this.
  21. KeroZen

    KeroZen Chronic vapaholic

    Messages:
    1,902
    Location:
    On Air
    As you might have noticed, the poll is there only to gauge the interest but as we lack any decision power it's more symbolic than anything else...

    I'm regretting that no site admin nor moderator commented on this topic so far, be it just to clarify the reasons why it won't or can't be implemented.
     
    vapen00b and OldOyler like this.
  22. damm

    damm Well-Known Member

    Messages:
    295
    Location:
    Pacific Northwest
    It looks like this is hosted on a VPS; running nginx. Maybe there is a Control panel involved? however they can get a ssl certificate for free using LetsEncrypt or to be honest I use a 5$ ssl cert myself

    I'd be happy to assist with installation of said SSL Certificate; I would even be willing to buy the certificate if it's a lack of funds. But I understand if the admins are not interested.
     
  23. OldOyler

    OldOyler Fire it again. I can still find the ground.

    Messages:
    560
    Location:
    The War Room
    Nah damm, the mods here are seriously solid. And I really despise authority...

    I think it's the time of year and a few needed meetings. Plus there's the legendary vtac that probably has to give a nod.

    But I don't know sh*t, so that's just my guess.

    Peace!
     
  24. momofthegoons

    momofthegoons vapor accessory addict

    Messages:
    12,725
    Well... unless we stumble on to the thread... how are we expected to know? No one has tagged one of us..:shrug:

    Any decisions made here with regard to changes to this forum or it's software are made by the forum owner, @vtac . If you have something you would like to see changed, feel free to pm him. :2c:
     
    Hjalmark, vapen00b, Amoreena and 3 others like this.
  25. herbivore21

    herbivore21 Well-Known Member

    Messages:
    4,155
    As much as I agree with everything else you say here Mom, @syrupy tagged @vtac in here months ago lol :peace:
     
    KeroZen, momofthegoons and OldOyler like this.

Support FC, visit our trusted friends and sponsors