+- Atheist Discussion (https://atheistdiscussion.org/forums)
+-- Forum: Forum Information (https://atheistdiscussion.org/forums/forumdisplay.php?fid=90)
+--- Forum: Forum Comments and Suggestions (https://atheistdiscussion.org/forums/forumdisplay.php?fid=97)
+--- Thread: SSL certificate (/showthread.php?tid=2203)
SSL certificate - KevinM1 - 12-14-2018
This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point.
RE: SSL certificate - Aliza - 12-14-2018
(12-14-2018, 02:22 AM)KevinM1 Wrote: This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point.
You are correct. That's on the list.
...please hold off on posting your credit card number to the forum for the time being.
RE: SSL certificate - Joods - 12-14-2018
Is this why it says "Not Secure" at the top by the address bar?
RE: SSL certificate - Aliza - 12-14-2018
(12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar?
Yes. TTA was never secured, but it is our intention to get our SSL certification.
RE: SSL certificate - Joods - 12-14-2018
Ahh okay.
RE: SSL certificate - c172 - 12-14-2018
(12-14-2018, 03:06 AM)Aliza Wrote:(12-14-2018, 02:22 AM)KevinM1 Wrote: This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point.
You are correct. That's on the list.
...please hold off on posting your credit card number to the forum for the time being.
No fun. I'm leaving for AF.com
RE: SSL certificate - GirlyMan - 12-14-2018
RE: SSL certificate - Aliza - 12-14-2018
(12-14-2018, 07:14 AM)GirlyMan Wrote:
You mean Mel Brooks waa spoofing another movie with that line??
It makes sense in hindsight.
RE: SSL certificate - Vosur - 12-20-2018
(12-14-2018, 05:36 AM)Aliza Wrote:(12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar?
Yes. TTA was never secured, but it is our intention to get our SSL certification.
Feel free to get in touch with me when you're ready to set up SSL for the site, Aliza. I can help you set it up and also add support for TLS 1.3 which would noticeably reduce the time it takes for people to connect to this site. While we're at it, I'd also like to set up automatic off-site backups so that what happened to TTA - a complete loss of the whole forum database - cannot happen to this forum.
Just for reference, here are the security rankings of my personal site (https://datahoarder.xyz) which I host on my own server. They're both perfect scores.
https://www.ssllabs.com/ssltest/analyze.html?d=datahoarder.xyz&latest
https://securityheaders.com/?q=https%3A%2F%2Fdatahoarder.xyz%2F
Edit: The offer to host this forum on my server still stands, by the way.
RE: SSL certificate - Joods - 12-20-2018
That is really generous of you @
RE: SSL certificate - Mathilda - 12-20-2018
(12-20-2018, 02:59 PM)Vosur Wrote:(12-14-2018, 05:36 AM)Aliza Wrote:(12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar?
Yes. TTA was never secured, but it is our intention to get our SSL certification.
Feel free to get in touch with me when you're ready to set up SSL for the site, Aliza. I can help you set it up and also add support for TLS 1.3 which would noticeably reduce the time it takes for people to connect to this site. While we're at it, I'd also like to set up automatic off-site backups so that what happened to TTA - a complete loss of the whole forum database - cannot happen to this forum.
Just for reference, here are the security rankings of my personal site (https://datahoarder.xyz) which I host on my own server. They're both perfect scores.
https://www.ssllabs.com/ssltest/analyze.html?d=datahoarder.xyz&latest
https://securityheaders.com/?q=https%3A%2F%2Fdatahoarder.xyz%2F
Edit: The offer to host this forum on my server still stands, by the way.
Thanks for the offer Vosur but automated backups have been taken care of. I also make sure to make backups myself on a regular basis. Don't worry. Contingencies have been put in place so that there won't ever be a complete loss of forum data again for this community.
RE: SSL certificate - Aliza - 12-20-2018
Just for the record, the loss of our data from The Thinking Atheist was not a result of inadequate backups. Seth refused to allow us to take any portion of it.
Seth could have provided us with a copy of the forum's structure (templates, themes, smileys, etc) and a partial backup that would allow us to take the public posts but not any private, sensitive user data.
He would not even listen to our case.
RE: SSL certificate - Vosur - 12-20-2018
(12-20-2018, 08:04 PM)Mathilda Wrote: Thanks for the offer Vosur but automated backups have been taken care of. I also make sure to make backups myself on a regular basis. Don't worry. Contingencies have been put in place so that there won't ever be a complete loss of forum data again for this community.
Good work!
RE: SSL certificate - Vosur - 12-20-2018
Huh? Where'd my other post go?
----------
Edit: Here's what I wrote.
(12-20-2018, 07:46 PM)Joods Wrote: That is really generous of you @Vosur. If they decide to go that route and you are having issues meeting expenses, perhaps we can help out there. I would totally help fund these forums.
That's very kind of you, but the hosting fees for my colocated server are only around 50€ a month. I spend a lot of my free time working on it as a hobby, so I will continue to pay for it even without financial assistance from other people. The next 12 months have already been paid for, but if someone wants to help cover the hosting fees beyond that, I certainly won't say no to them.
RE: SSL certificate - Mathilda - 12-20-2018
(12-20-2018, 11:12 PM)Vosur Wrote: Huh? Where'd my other post go?
Just PMed you.
RE: SSL certificate - Vosur - 12-20-2018
(12-20-2018, 11:18 PM)Mathilda Wrote:(12-20-2018, 11:12 PM)Vosur Wrote: Huh? Where'd my other post go?
Just PMed you.
Gotcha, I removed the link from the post just now.
RE: SSL certificate - Vosur - 12-21-2018
Another point to consider is that HTTPS improves a site's SEO and search rankings, which is something we definitely want to make the forum more popular.
https://www.bluecorona.com/blog/https-and-seo
https://www.bluecorona.com/blog/reasons-to-have-https-website
https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html
https://fourdots.com/blog/why-you-need-ssl-to-rank-better-in-2016-and-how-to-set-it-2169
I don't mean to come across as impatient, but believe me when I say that this is something we can easily get done in a single afternoon if the three of us have a meeting where we can talk about the details @Mathilda @Aliza.
Edit: Here's another security test with a perfect rating for my site, just for fun: https://www.htbridge.com/ssl/?id=Aw2it0Y8
RE: SSL certificate - Vosur - 12-22-2018
I stumbled on this site earlier today: https://doesmysiteneedhttps.com/
I chuckled.
RE: SSL certificate - Vosur - 01-01-2019
Just in case anyone is wondering, I'm still actively pestering Aliza about this issue because it's a pretty important one. No idea when she'll have time to do it though.
RE: SSL certificate - Aliza - 01-01-2019
(01-01-2019, 08:51 PM)Vosur Wrote: Just in case anyone is wondering, I'm still actively pestering Aliza about this issue because it's a pretty important one. No idea when she'll have time to do it though.
Actually, @Mathilda will take care of it, and I think she has it in hand.
RE: SSL certificate - Vosur - 01-20-2019
Here's my example myBB forum with SSL, TLS 1.3, HTTP/2, a favicon, all that good stuff...
https://forum.datahoarder.xyz/index.php
RE: SSL certificate - Vosur - 01-23-2019
Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously.
RE: SSL certificate - Aliza - 01-23-2019
(01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously.
Those are the appropriate channels.
RE: SSL certificate - Vosur - 01-23-2019
(01-23-2019, 07:17 PM)Aliza Wrote:(01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously.
Those are the appropriate channels.
If you prefer to be cooperative, I'd like you to send me your full name, your e-mail address and your phone number via PM so I can fill out the relevant fields in the complaint form.
If you prefer not to be cooperative, I will have to make do with what little information I have about you.
The complaint will be lodged either way.
RE: SSL certificate - Aliza - 01-23-2019
(01-23-2019, 07:33 PM)Vosur Wrote:(01-23-2019, 07:17 PM)Aliza Wrote:(01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously.
Those are the appropriate channels.
If you prefer to be cooperative, I'd like you to send me your full name, your e-mail address and your phone number via PM so I can fill out the relevant fields in the complaint form.
If you prefer not to be cooperative, I will have to make do with what little information I have about you.
The complaint will be lodged either way.
No, you can do it.