• Do NOT click on any vaporpedia.com links. The domain has been compromised and will attempt to infect your system. See https://fuckcombustion.com/threads/warning-vaporpedia-com-has-been-compromised.54960/.

Switching FC to full-HTTPS

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  • Yay!

    Votes: 155 89.6%
  • Nay!

    Votes: 3 1.7%
  • I'm clueless

    Votes: 15 8.7%

  • Total voters
    173
Status
Not open for further replies.

KeroZen

Chronic vapaholic
I would like to discuss the idea of switching this site to full HTTPS operation mode.

I think this is preferable, for a lot of reasons, but mostly privacy concerns. At the very minimum, it would encrypt the URLs you visit, which are currently visible in plain text by your ISP and anyone between them and the FC server. Those URLs often contain keywords that you might not necessarily like being associated to you etc.

Also, Google has made it clear that it's the way to go and started ranking lower in their results all sites that are not using the protocol we're talking about. Not that we need any search optimization, but still it's the global trend to make that move to HTTPS.

There are drawbacks though, the first that comes to mind but that has been debunked would be increased server resources consumption, but it's also not trivial and easier said than done...

Now it's time to express your opinion!
 

syrupy

Authorized Buyer
I'm all for it. Also, there's the DNS issue--that even if ISPs can't read the content of the stream because of HTTPS, they can tell that a customer has been going to fc.com. For the tinfoil hat crowd, one workaround is to use a host file manager to hard code the DNS-- fc.com = 107.161.26.191. :ninja: :tinfoil:
 
Last edited:

Concupiscient

Well-Known Member
Still under consideration?

Anyone use a tor browser? Explain it?
And last, what is SSL?
 
Concupiscient,

OldOyler

Fire it again. I can still find the ground.
I see ... but don't ...

Tails/tour stuff fascinating ... an off-topic topic?
Sorry, was kind of running around FC at the time.

That Wired article is saying that getting a tor browser IMMEDIATELY puts you on a special list with the NSA. (You asked about it in a previous post)

So, if what we were shooting for as a goal on this thread was the best security while staying off of LEO's radar, etc...

Simply https would be great imo. Going with tor, etc. says "I am hiding something, so please come look at me" - so says govvie-gov themselves.

:tup:

Peace!
 

OldOyler

Fire it again. I can still find the ground.
Looks like I got on that list just by searching & reading ... REALLY? ... TBD in another topic?
I went ahead and starting talking all sorts of sh*t about the govt years ago with one of my (grown) sons. Stuff that has to be absolutely intolerable to the truly erudite.

If I'm going to be on a list, well I want to make it a goodie!

:tup:

Look, we can protect ourselves to a reasonable degree with https, and that's why I shot a post over here, along with my vote.

Peace!
 

damm

Well-Known Member
I think we need to first have FC support SSL then we could force people over. But 443 is closed so that would need to be addressed first.

Would like to see SSL of course.
 

OldOyler

Fire it again. I can still find the ground.
I agree damm it is an all or nothing deal.

I mean, no good for me to talk TO someone in a pm securely if THEY won't be reading it in https mode.

Peace!
 

damm

Well-Known Member
I agree damm it is an all or nothing deal.

I mean, no good for me to talk TO someone in a pm securely if THEY won't be reading it in https mode.

Peace!
Doesn't have to all or nothing at first. Sure everyone demands HTTPS because of the NSA but if you are truly worried you could be using TOR.

SSH tunnel from an ec2 instance as your http proxy works great too. We do need to own our own security instead of expecting other people to provide it.
 
damm,

OldOyler

Fire it again. I can still find the ground.
Doesn't have to all or nothing at first. Sure everyone demands HTTPS because of the NSA but if you are truly worried you could be using TOR.

SSH tunnel from an ec2 instance as your http proxy works great too. We do need to own our own security instead of expecting other people to provide it.
Agreed. I just thought I was digressing from the tread topic, sorry!

Yeah, I think that each person has to choose their risk, and heck whether to even face it in the first place.

I do hope FC implements general site-wide SSL.

Peace all!
 
OldOyler,
  • Like
Reactions: KeroZen

hibeam

alpha +
TOR always gobbled my resources so I suspected RAM and bandwidth pirating at the least. Actually these days I am more concerned about all the free content I give forums when other posters are getting paid for theirs. I miss the days before complete commodification of online content, when people gave info out of sheer generosity.
 
hibeam,

hibeam

alpha +
Yikes....what a gauche comment I made last night. I hope it helps to say FC is excluded from my concerns and then to apologize for the highjacking. Sorry!
 

KeroZen

Chronic vapaholic
As you might have noticed, the poll is there only to gauge the interest but as we lack any decision power it's more symbolic than anything else...

I'm regretting that no site admin nor moderator commented on this topic so far, be it just to clarify the reasons why it won't or can't be implemented.
 

damm

Well-Known Member
It looks like this is hosted on a VPS; running nginx. Maybe there is a Control panel involved? however they can get a ssl certificate for free using LetsEncrypt or to be honest I use a 5$ ssl cert myself

I'd be happy to assist with installation of said SSL Certificate; I would even be willing to buy the certificate if it's a lack of funds. But I understand if the admins are not interested.
 
damm,

OldOyler

Fire it again. I can still find the ground.
It looks like this is hosted on a VPS; running nginx. Maybe there is a Control panel involved? however they can get a ssl certificate for free using LetsEncrypt or to be honest I use a 5$ ssl cert myself

I'd be happy to assist with installation of said SSL Certificate; I would even be willing to buy the certificate if it's a lack of funds. But I understand if the admins are not interested.
Nah damm, the mods here are seriously solid. And I really despise authority...

I think it's the time of year and a few needed meetings. Plus there's the legendary vtac that probably has to give a nod.

But I don't know sh*t, so that's just my guess.

Peace!
 
OldOyler,

momofthegoons

vapor accessory addict
I'm regretting that no site admin nor moderator commented on this topic so far, be it just to clarify the reasons why it won't or can't be implemented.
Well... unless we stumble on to the thread... how are we expected to know? No one has tagged one of us..:shrug:

Any decisions made here with regard to changes to this forum or it's software are made by the forum owner, @vtac . If you have something you would like to see changed, feel free to pm him. :2c:
 

herbivore21

Well-Known Member
Well... unless we stumble on to the thread... how are we expected to know? No one has tagged one of us..:shrug:

Any decisions made here with regard to changes to this forum or it's software are made by the forum owner, @vtac . If you have something you would like to see changed, feel free to pm him. :2c:
As much as I agree with everything else you say here Mom, @syrupy tagged @vtac in here months ago lol :peace:
 
Status
Not open for further replies.
Top Bottom