SSL certificate - Printable Version +- Atheist Discussion (https://atheistdiscussion.org/forums) +-- Forum: Forum Information (https://atheistdiscussion.org/forums/forumdisplay.php?fid=90) +--- Forum: Forum Comments and Suggestions (https://atheistdiscussion.org/forums/forumdisplay.php?fid=97) +--- Thread: SSL certificate (/showthread.php?tid=2203) |
SSL certificate - KevinM1 - 12-14-2018 This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point. RE: SSL certificate - Aliza - 12-14-2018 (12-14-2018, 02:22 AM)KevinM1 Wrote: This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point. You are correct. That's on the list. ...please hold off on posting your credit card number to the forum for the time being. RE: SSL certificate - Joods - 12-14-2018 Is this why it says "Not Secure" at the top by the address bar? RE: SSL certificate - Aliza - 12-14-2018 (12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar? Yes. TTA was never secured, but it is our intention to get our SSL certification. RE: SSL certificate - Joods - 12-14-2018 Ahh okay. RE: SSL certificate - c172 - 12-14-2018 (12-14-2018, 03:06 AM)Aliza Wrote:(12-14-2018, 02:22 AM)KevinM1 Wrote: This forum really should have a SSL certificate. Given the taboo nature of atheism, and simple common sense security practices, leaving the client/server connection unencrypted is a bad move. You can get a free cert at https://letsencrypt.org/ They're recognized by just about all root authorities at this point. No fun. I'm leaving for AF.com RE: SSL certificate - GirlyMan - 12-14-2018 RE: SSL certificate - Aliza - 12-14-2018 (12-14-2018, 07:14 AM)GirlyMan Wrote: You mean Mel Brooks waa spoofing another movie with that line?? It makes sense in hindsight. RE: SSL certificate - Vosur - 12-20-2018 (12-14-2018, 05:36 AM)Aliza Wrote:(12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar? Feel free to get in touch with me when you're ready to set up SSL for the site, Aliza. I can help you set it up and also add support for TLS 1.3 which would noticeably reduce the time it takes for people to connect to this site. While we're at it, I'd also like to set up automatic off-site backups so that what happened to TTA - a complete loss of the whole forum database - cannot happen to this forum. Just for reference, here are the security rankings of my personal site (https://datahoarder.xyz) which I host on my own server. They're both perfect scores. https://www.ssllabs.com/ssltest/analyze.html?d=datahoarder.xyz&latest https://securityheaders.com/?q=https%3A%2F%2Fdatahoarder.xyz%2F Edit: The offer to host this forum on my server still stands, by the way. RE: SSL certificate - Joods - 12-20-2018 That is really generous of you @ RE: SSL certificate - Mathilda - 12-20-2018 (12-20-2018, 02:59 PM)Vosur Wrote:(12-14-2018, 05:36 AM)Aliza Wrote:(12-14-2018, 05:11 AM)Joods Wrote: Is this why it says "Not Secure" at the top by the address bar? Thanks for the offer Vosur but automated backups have been taken care of. I also make sure to make backups myself on a regular basis. Don't worry. Contingencies have been put in place so that there won't ever be a complete loss of forum data again for this community. RE: SSL certificate - Aliza - 12-20-2018 Just for the record, the loss of our data from The Thinking Atheist was not a result of inadequate backups. Seth refused to allow us to take any portion of it. Seth could have provided us with a copy of the forum's structure (templates, themes, smileys, etc) and a partial backup that would allow us to take the public posts but not any private, sensitive user data. He would not even listen to our case. RE: SSL certificate - Vosur - 12-20-2018 (12-20-2018, 08:04 PM)Mathilda Wrote: Thanks for the offer Vosur but automated backups have been taken care of. I also make sure to make backups myself on a regular basis. Don't worry. Contingencies have been put in place so that there won't ever be a complete loss of forum data again for this community. Good work! RE: SSL certificate - Vosur - 12-20-2018 Huh? Where'd my other post go? ---------- Edit: Here's what I wrote. (12-20-2018, 07:46 PM)Joods Wrote: That is really generous of you @ That's very kind of you, but the hosting fees for my colocated server are only around 50€ a month. I spend a lot of my free time working on it as a hobby, so I will continue to pay for it even without financial assistance from other people. The next 12 months have already been paid for, but if someone wants to help cover the hosting fees beyond that, I certainly won't say no to them. RE: SSL certificate - Mathilda - 12-20-2018 (12-20-2018, 11:12 PM)Vosur Wrote: Huh? Where'd my other post go? Just PMed you. RE: SSL certificate - Vosur - 12-20-2018 (12-20-2018, 11:18 PM)Mathilda Wrote:(12-20-2018, 11:12 PM)Vosur Wrote: Huh? Where'd my other post go? Gotcha, I removed the link from the post just now. RE: SSL certificate - Vosur - 12-21-2018 Another point to consider is that HTTPS improves a site's SEO and search rankings, which is something we definitely want to make the forum more popular. https://www.bluecorona.com/blog/https-and-seo https://www.bluecorona.com/blog/reasons-to-have-https-website https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html https://fourdots.com/blog/why-you-need-ssl-to-rank-better-in-2016-and-how-to-set-it-2169 I don't mean to come across as impatient, but believe me when I say that this is something we can easily get done in a single afternoon if the three of us have a meeting where we can talk about the details @Mathilda @Aliza. Edit: Here's another security test with a perfect rating for my site, just for fun: https://www.htbridge.com/ssl/?id=Aw2it0Y8 RE: SSL certificate - Vosur - 12-22-2018 I stumbled on this site earlier today: https://doesmysiteneedhttps.com/ I chuckled. RE: SSL certificate - Vosur - 01-01-2019 Just in case anyone is wondering, I'm still actively pestering Aliza about this issue because it's a pretty important one. No idea when she'll have time to do it though. RE: SSL certificate - Aliza - 01-01-2019 (01-01-2019, 08:51 PM)Vosur Wrote: Just in case anyone is wondering, I'm still actively pestering Aliza about this issue because it's a pretty important one. No idea when she'll have time to do it though. Actually, @Mathilda will take care of it, and I think she has it in hand. RE: SSL certificate - Vosur - 01-20-2019 Here's my example myBB forum with SSL, TLS 1.3, HTTP/2, a favicon, all that good stuff... https://forum.datahoarder.xyz/index.php RE: SSL certificate - Vosur - 01-23-2019 Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously. RE: SSL certificate - Aliza - 01-23-2019 (01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously. Those are the appropriate channels. RE: SSL certificate - Vosur - 01-23-2019 (01-23-2019, 07:17 PM)Aliza Wrote:(01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously. If you prefer to be cooperative, I'd like you to send me your full name, your e-mail address and your phone number via PM so I can fill out the relevant fields in the complaint form. If you prefer not to be cooperative, I will have to make do with what little information I have about you. The complaint will be lodged either way. RE: SSL certificate - Aliza - 01-23-2019 (01-23-2019, 07:33 PM)Vosur Wrote:(01-23-2019, 07:17 PM)Aliza Wrote:(01-23-2019, 07:15 PM)Vosur Wrote: Let it be known that I tried to be reasonable and accommodating with the admins and did everything in my power to get them to take the privacy of people's information seriously. After months of delays and excuses and an uncooperative attitude from the admins, I've decided to take matters into my own hands. I will be reaching out to EU authorities to file a complaint against this forum for violating the GDPR regulations. In the worst case scenario, this means that this forum will be shut down, in which case I will be hosting a secure replacement myself. In the best case scenario, the threat of the forum being shut down will finally get the admins to take people's privacy seriously. No, you can do it. |