No SSL?

Discussion in 'Suggestions & Feedback' started by Eiskaffee, Apr 16, 2020.

  1. Eiskaffee

    Eiskaffee Tails in in the sonic movie Member

    Joined:
    May 1, 2016
    Messages:
    11
    Location:
    United States
    I had a question regarding the forums. I use HTTPs Everywhere to make sure the sites I'm visiting are secure and I had issues getting into SSRG because when I go to https://sonicresearch.org it takes me to some weird landing page thing instead of SSRG. I just thought I would bring that up.
     
  2. LazloPsylus

    LazloPsylus A Certain Scientific Railgun The Railgun

    Joined:
    Nov 25, 2009
    Messages:
    Location:
    Academy City
    SSL is coming, but not something we're investing in for the current iteration of the site. The current test migration for the next iteration (which staff are currently testing out) already has SSL set up and active.
     
  3. nineko

    nineko I am the Holy Cat Member

    Joined:
    Mar 24, 2008
    Messages:
    1,784
    Location:
    italy
    I swear, I'll never get this whole https fetish that everyone seems to have these days, ohnoes, SSRG is not secure, someone in a basement in China now knows that I like Sonic games, my life is ruined.
     
    ProjectFM likes this.
  4. LazloPsylus

    LazloPsylus A Certain Scientific Railgun The Railgun

    Joined:
    Nov 25, 2009
    Messages:
    Location:
    Academy City
    SSL does have its uses, such as ensuring credential transport from client to server aren't able to be sniffed. Unfortunately, SSL is being shoehorned to be way more than it actually is, which is going to make for a hell of a mess to clean up when the shit will hit the fan. Until then, Google and other search engines are actively punishing domains that do not use SSL, so site operators are unfortunately forced into a corner for the time being.
     
  5. vladikcomper

    vladikcomper Well-Known Member Member

    Joined:
    Dec 2, 2009
    Messages:
    388
    Location:
    Russia
    Privacy concerns aside, all content transferred via unencrypted protocol is easily hijack-able nowadays.

    From what I personally know (and I've heard of it too often to ignore) some insolent ISPs (at least here in Russia) may simply inject their own code in any javascript files transported insecurely via HTTP. This code is usually targeted at tracking users activity and logging the content they're reading, but more often than not, it may inject its own ads system (that of the advertising platform affiliated with the ISP) which may either replace the existing ads on your site (so the profit goes to the third party) or modify some portions of the site to bring otherwise non-existent ads. And this, of course, has a perfectly good chance of breaking your site. And just to let you know, 80% of ads in Russia leads to fraud or outright malicious sites (but looking at those affiliated platforms, I think the number is closer to 100% in that case).

    My very own site did suffer from it, when viewed from certain ISPs (as a few people reported), until I finally switched to HTTPS.
     
  6. SuperEgg

    SuperEgg I'm a guy that knows that you know that I know Member

    Joined:
    Oct 17, 2009
    Messages:
    Location:
    THE BEST GOD DAMN STATE OF TEXAS
    Nineko, I love you, but you can't talk about modern internet things while still using Windows XP =V
     
    ProjectFM likes this.