Nah, I'll just bang my head against the wall by posting here. Better than being effective.Well... unless we stumble on to the thread... how are we expected to know? No one has tagged one of us..
Any decisions made here with regard to changes to this forum or it's software are made by the forum owner, @vtac . If you have something you would like to see changed, feel free to pm him.
If our focus was to support the selling of vape equipment, we'd have a whole lot more sponsors. I happen to know that vtac has turned down quite a few; wanting the number to stay the same. He gets no 'kick back' from the vendors and manufacturers that post here (other than the sponsors who pay an annual fee). So no... the purpose of this forum is NOT to support the selling of vape equipment. It was set up to exchange vape information and chat.My understanding of the core concept of a forum like this is many fold, but focused on selling and supporting vaporizers and vape equipment.
Not understanding why TOR/tails are even being discussed here.
If you're using either of those to browse this forum, regardless the legality of cannabis in your state/nation/etc... take off your tinfoil hat.
My point was if you're THAT paranoid where you think your ISP is going to come after you for viewing/browsing a forum about cannabis... then idk.
People talking about tails and TOR to access THIS SITE is (while perfectly valid and secure) way overkill. I can't see a reason for it. That was my point.
I don't have any identifiable information on here so I really don't care if the account was to be compromised. Maybe some do? I don't know.
My post wouldn't have been made if tor/tails wasn't mentioned in regards to browsing this site, so I guess that's the point? idk?
HTTPS for FC? ok - perfectly valid and this should probably be a standard in today's age if you want to not just get skimmed over as a website etc.
TOR/Tails for FC? perfectly valid, sure you can do it - but it's like wearing a scuba suit to go outside in the rain.
The vpn licenses from avast (one example) only protect one computer at a time; they also have security products made specifically for public wifi, mainly devices but extra security also kicks in on laptops. That tells me that there are many exploits being run on public wifi. Because I use a variety of os's it would be too much of a patchwork solution anyways, which is why I looked at just getting a router with vpn software built in; then I would be secure at home and just need to secure my portable devices for when traveling. The differences in our perception are probably because "public wifi" is such an arbitrary term; a marriot, joe's coffee shop, and public libraries would have very different security. Using an xp computer or older would mean that you're even more vulnerable because there's no more security patches for the os. From what I can tell it's android and windows-based systems being most taken advantage of. Just my perspective.VPNs are more trouble and money than they're worth. I'd rather just buy a cheapo laptop off someone local (the older and crappier the better if all you're doing is browsing the internet) and only use public wifi.
I'd wager using public wifi alone is as secure as a VPN or close to it.
Idk maybe I'm just fortunate to be computer literate but I just don't click on dumb shit or go to shady sites and I don't get viruses/etc/etc even with no antivirus.
Or maybe I'm just missing the point. I obviously voted yes for https, I'm more just bewildered at the random mention of tor/tails just because we're discussing internet security lol
Not really. It provides regex rules to help force using secure login mechanisms. It doesn't provide HTTPS to non HTTPS sites.
Thanks for your input; it's also absolutely on-topic,Not really. It provides regex rules to help force using secure login mechanisms. It doesn't provide HTTPS to non HTTPS sites.
So really it's off point; it doesn't help secure FC in anyway what so ever.
Thanks for your input; it's also absolutely on-topic,
as this is the only thread that comes up when searching for "https on fc"
Regarding your first point, I think you mean that because fc doesn't conform to HTTPS protocols it's still going to be insecure even if it doesn't "break (2nd point)"?That really doesn't make FC any more secure. I can deny myself access by blocking insecure requests.
It's also known to break sites.
Thank you @KeroZen for starting this discussion and to all who participated. Security is something that has always been taken seriously here and https is something that we will be implementing in the future. It's not quite as simple as flipping a switch and there are a number of other matters that also require attention, so you patience is appreciated.
As usual the level of knowledge here is impressive and there have been many good points brought up in this thread. I agree that if privacy and security are important to you it's best to take control of them yourself. https is certainly worth using, however it's not a panacea for all your privacy and security concerns. Using a trusted and properly configured VPN setup is the way to go as it encrypts all of your traffic including DNS queries.
PS: ah and avoid the latest free certificates fad, it's turning out to be a disaster and hurting the whole chain of trust...
Sorry bud but this statement is not entirely correct.
A VPN runs as an encrypted logical connection between the source and the VPN endpoint. Irrespective of the physical mediums the data traverses. This means your true point of origin is seen as the endpoint.
All traffic between you and the endpoint is encrypted. However traffic between the endpoint and the destination would not be encrypted.
ORIGIN <=====> Endpoint <- - - - > Destination
The double lines indicate the VPN encrypted tunnel. The single line indicates the unencrypted traffic.
The destination in regards to FC is the FC's public web server IP. Assuming a user is using a VPN with an endpoint in Toronto (just an example) then all traffic from the FC forum being returned to the user will be destined back to Toronto where it would then be encrypted and forwarded back to the user. If the user is sending a password then it's only encrypted up to the point of the VPN endpoint. I think that's what you were probably trying to highlight.
As far as security goes, only a forum users password and private messages are of concern. The rest of the data is public anyway as its a public forum.
HTTPS is beneficial though as it helps to limit man-in-the-middle attacks (regardless of VPN usage) on passwords and PM's.