1. A no-so-short post addressing what's been going on recently.
    Dismiss Notice
  2. Interested in a popular vape? Short on time? Be sure to check out the Best Of threads for Plug-Ins and Portables.
    Dismiss Notice
  3. What does SSTB mean? See our glossary of acronyms.
    Dismiss Notice

Switching FC to full-HTTPS

Discussion in 'Community Discussion' started by KeroZen, Sep 5, 2016.

?

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  1. Yay!

    50 vote(s)
    87.7%
  2. Nay!

    0 vote(s)
    0.0%
  3. I'm clueless

    7 vote(s)
    12.3%
  1. momofthegoons

    momofthegoons vapor accessory addict

    Messages:
    12,725
    You are correct as usual @herbivore21. ;) Hopefully with me tagging him too (and perhaps a pm?) he will respond this time.

    [​IMG]
     
    Last edited: Dec 19, 2016
    Silat, HellsWindStaff, syrupy and 7 others like this.
  2. OldNewbie

    OldNewbie Well-Known Member

    Messages:
    537
    Nah, I'll just bang my head against the wall by posting here. Better than being effective.

    My understanding of the core concept of a forum like this is many fold, but focused on selling and supporting vaporizers and vape equipment. I'm sure that it is a service to those in need is a part of the owner's goals. But, I suspect the bottom line is...at some point...the bottom line. With that in mind, unless the owner wants to slowly drain this swamp of highly-motivated people, the forum has to change.

    Those here will probably shrink over time for any of a number of reasons and word of mouth is not going to drive members. The forum needs/wants to grow in members and most of them will have a virus check on their computer and will come here from Google.

    My current "security" software[​IMG]

    flags unencrypted sites. (As does Chrome.) Google gives a ranking boost to sites that use HTTPS and it is rumored, based on their stated goal to have it "everywhere", at some point the ranking will push down to the point FC is off the front pages no matter how accurate a thread is to the question searched.
     
    GreenHopper and grokit like this.
  3. HellsWindStaff

    HellsWindStaff Dharma Initiate

    Messages:
    1,555
    The only time I ever used TOR I did it from public wifi at McDonald's but I also installed on an old laptop specifically to see if I could get it to work, very interesting stuff IMO didn't have a full grasp on all of it at time (still don't) but fascinating to me the idea of the dark net......is it really dark if you can google instructions to find it? Prob better thoughts for other threads :lol:

    I voted yay I am not overtly paranoid but IMO it's good practice to use HTTPS. There was a program I thought that let you make your own certificates that was free but name escapes me.. Not all that familiar but made self signing certificates to use with controllers I was using Node Red with? If that would be same thing needed. But was very easy
     
    grokit likes this.
  4. momofthegoons

    momofthegoons vapor accessory addict

    Messages:
    12,725
    If our focus was to support the selling of vape equipment, we'd have a whole lot more sponsors. I happen to know that vtac has turned down quite a few; wanting the number to stay the same. He gets no 'kick back' from the vendors and manufacturers that post here (other than the sponsors who pay an annual fee). So no... the purpose of this forum is NOT to support the selling of vape equipment. It was set up to exchange vape information and chat.
     
    RUDE BOY, Amoreena, CarolKing and 4 others like this.
  5. muunch

    muunch zzzzz

    Messages:
    571
    Not understanding why TOR/tails are even being discussed here.

    If you're using either of those to browse this forum, regardless the legality of cannabis in your state/nation/etc... take off your tinfoil hat.
     
    Last edited: Jan 4, 2017
  6. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
    If I was really paranoid I would secure my home with a router-level vpn and be done with it.

    But I'm just "medium-paranoid", so I take what I believe are "normal" precautions.

    Besides, the vpn thing sounds like a lot of work I don't know how to do.

    Even I can see that an https upgrade to fc would be a plus.

    :tinfoil:
     
    Silat and OldNewbie like this.
  7. muunch

    muunch zzzzz

    Messages:
    571
    VPNs are more trouble and money than they're worth. I'd rather just buy a cheapo laptop off someone local (the older and crappier the better if all you're doing is browsing the internet) and only use public wifi.

    I'd wager using public wifi alone is as secure as a VPN or close to it.
     
  8. damm

    damm Active Member

    Messages:
    157
    I don't really understand the point of your post here. If you are trying to provide some basic level of security to avoid your ISP from knowing what you are doing (which is the basic reason of HTTPS).

    If you use this forum on a public WiFI you should absolutely use a VPN or TOR as it's absolutely easy to sniff and get your username/password over wifi.

    Heck there's tools that make it easy to steal the facebook credentials.

    https://en.wikipedia.org/wiki/Session_hijacking#Exploits
     
    grokit likes this.
  9. muunch

    muunch zzzzz

    Messages:
    571
    My point was if you're THAT paranoid where you think your ISP is going to come after you for viewing/browsing a forum about cannabis... then idk.

    People talking about tails and TOR to access THIS SITE is (while perfectly valid and secure) way overkill. I can't see a reason for it. That was my point.

    I don't have any identifiable information on here so I really don't care if the account was to be compromised. Maybe some do? I don't know.

    My post wouldn't have been made if tor/tails wasn't mentioned in regards to browsing this site, so I guess that's the point? idk?

    HTTPS for FC? ok - perfectly valid and this should probably be a standard in today's age if you want to not just get skimmed over as a website etc.

    TOR/Tails for FC? perfectly valid, sure you can do it - but it's like wearing a scuba suit to go outside in the rain.
     
  10. damm

    damm Active Member

    Messages:
    157
    It's not about your ISP. It's not about them always coming after you. It could easily be about Session Hijacking to be blunt.

    If you input your credentials on a non-secure site; whoops. Even Chrome is coming out to shame sites that don't provide https

    In time we'll have to start clicking buttons to say yes we are aware that this site is insecure and you shouldn't go there. All browsers are trying to force HTTPS as a standard now.

    Sure you can blame your ISP; you can blame the NSA. But in this day and age it's more of shaming this site for not offering https.
     
    KeroZen, Maitri and muunch like this.
  11. muunch

    muunch zzzzz

    Messages:
    571
    https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/

    Idk maybe I'm just fortunate to be computer literate but I just don't click on dumb shit or go to shady sites and I don't get viruses/etc/etc even with no antivirus.

    Or maybe I'm just missing the point. I obviously voted yes for https, I'm more just bewildered at the random mention of tor/tails just because we're discussing internet security lol
     
    grokit likes this.
  12. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
    The vpn licenses from avast (one example) only protect one computer at a time; they also have security products made specifically for public wifi, mainly devices but extra security also kicks in on laptops. That tells me that there are many exploits being run on public wifi. Because I use a variety of os's it would be too much of a patchwork solution anyways, which is why I looked at just getting a router with vpn software built in; then I would be secure at home and just need to secure my portable devices for when traveling. The differences in our perception are probably because "public wifi" is such an arbitrary term; a marriot, joe's coffee shop, and public libraries would have very different security. Using an xp computer or older would mean that you're even more vulnerable because there's no more security patches for the os. From what I can tell it's android and windows-based systems being most taken advantage of. Just my perspective.

    edit: Thanks for reminding me about https-everywhere, I used to have it installed on ff but dropped it when I was having ff issues along with a bunch of other extensions. Now I'm running google as well to take the load off of ff, so I should probably go and see if https-everywhere is also available for chrome.

    edit2: I just installed https-everywhere on chrome as well, thanks again now I feel a bit safer :rofl:

    :freak:
     
    Last edited: Jan 5, 2017
    muunch likes this.
  13. muunch

    muunch zzzzz

    Messages:
    571
    tails is based off of linux. if i were to use tor and public wifi - the only way i'd bother to do so is if i was on tails.

    i don't think people give that much of a damn and unless you're being specifically targeted or are easily fooled by phishing things etc you really shouldn't worry.

    obviously, this is getting away from the point, so I'll just shut up now and let people do whatever they want. I'm just lazy as fuck so I'm not going to jump through all these unnecessary hoops just to look at a forum about weed lol. A forum that should be https in 2017 :3

    I wouldn't start going crazy with tails/etc/etc unless I was one of the crazy people that orders drugs off the deep west or wild web. whatever it's called.
     
    Last edited: Jan 5, 2017
    grokit likes this.
  14. damm

    damm Active Member

    Messages:
    157
    That really doesn't make FC any more secure. I can deny myself access by blocking insecure requests.

    It's also known to break sites.

    So let's get back on topic here instead of adding useless off topic banter that doesn't help.
     
  15. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
  16. damm

    damm Active Member

    Messages:
    157
    Not really. It provides regex rules to help force using secure login mechanisms. It doesn't provide HTTPS to non HTTPS sites.

    So really it's off point; it doesn't help secure FC in anyway what so ever.
     
  17. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
    Thanks for your input; it's also absolutely on-topic,
    as this is the only thread that comes up when searching for "https on fc" :tup:

    :sherlock:
     
    Last edited: Jan 5, 2017
  18. damm

    damm Active Member

    Messages:
    157
    Everyone has an opinion and everyone is right? right... wrong there's no website rules for FC on HTTPS Everywhere... so it really doesn't do anything for this site

    Can we move back to the original topic now? Tor has it's point; but the topic here is switching FC to full HTTPS.

    Let's try to stick to that shall we?
     
  19. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
    Right, the subject is whether fc should have https;
    just don't talk about the browser plug-in :rolleyes:

    :horse:
     
  20. damm

    damm Active Member

    Messages:
    157
    Exactly the plugin doesn't do anything without https. So we're just bikeshedding off in a different direction doing absolutely nothing productive towards our conversation.
     
  21. grokit

    grokit well-worn member

    Messages:
    11,170
    Location:
    the north
    Regarding your first point, I think you mean that because fc doesn't conform to HTTPS protocols it's still going to be insecure even if it doesn't "break (2nd point)"?

    Your second point is a known issue, which is why https-everywhere can be easily disabled per site.

    What other objections/limitations do you have regarding this plug-in?

    More importantly, do you have any alternatives to suggest?

    "HTTPS Everywhere is a free and open source web browser extension for Google Chrome, Mozilla Firefox and Opera, a collaboration by The Tor Project and the Electronic Frontier Foundation (EFF). It automatically makes websites use the more secure HTTPS connection instead of HTTP, if they support it."

    What if HTTPS Everywhere breaks some site that I use?
    This is occasionally possible because of inconsistent support for HTTPS on sites (e.g., when a site seems to support HTTPS access but makes a few, unpredictable, parts of the site unavailable in HTTPS). If you report the problem to us, we can try to fix it. In the meantime, you can disable the rule affecting that particular site in your own copy of HTTPS Everywhere by clicking on the HTTPS Everywhere toolbar button and unchecking the rule for that site."

    :sherlock:
     

Support FC, visit our trusted friends and sponsors