This is a repost of a comment reply I made earlier - but the topic is important enough that I think it deserves its own thread.
I wanted to let everyone know that IdleBoast's information about the importance of HTTPS is not correct and it negatively impacts the security of all users of this site.
I work in the computer security industry (which includes secure website design) and I felt compelled to create an account just to reply to this dangerous misconception in order to help keep all of my fellow kinksters safe.
HTTP vs HTTPS is not just about usernames/passwords - although that is very important obviously. You see, when a website is presented in HTTP only, everything on the website is visible to your Internet Service Provider (ISP). The ISP can literally read every story along with you, see every forum comment you make, look at any file you may download from an unsafe, unencrypted website.
Of course, they also see your username (or email address) and password in plain text.
One thing to consider is that most people reuse their password for more than one website. Maybe even their bank or PayPal accounts...
You should consider everything done on unsafe unencrypted sites to be the equivalent of sending a post card. Every postman along the route from your mailbox to Kristen's house can read exactly what is written on that postcard.
HTTPS is like doing a secret code cypher on your postcard to Kristen, then sealing your message in an envelope. After all what you have to say to Kristen is between you and her - nobody needs to read your letter - even if all it has is good, clean family stuff.
We all will generally spend the few coins to buy an envelope (since postcards need stamps anyway...) just for a simple letter to our mum. Our internet privacy is just as important.
Thanks to places like the "Let's Encrypt" project, website admins can now offer secure websites to their users for FREE. There is no catch and there is no excuse these days. Setting it up on a site takes a matter of minutes, and help is available if needed. I would even totally be willing to assist the webserver admin myself.
https://letsencrypt.org/
Just to be clear - I am not affiliated with Let's Encrypt in any way!
Anyway, in our online world the "mailman" here is the ISP or Internet Service Provider.
Now, when I say "ISP" you may think that definition is limited to Cox or Comcast or whoever - but that actually is too narrow of a way to think about it. An ISP is anyone you get your internet from at that moment.
These places are also types of ISPs:
- A coffee shop
- An airport
- Your parents' / grandparents' house
- Hotel internet
- Your cellular carrier
- Your work
- McDonald's
- Your neighbor with the "free" WiFi
- I could go on and on...
In fact, everything you do can be seen by EVERY single network provider along the way from you to the server w/o HTTPS.
The point is any of these types of entities could not only get your password you may have reused elsewhere, they are also able to simply read along with you in real time as you go about your business on a site that does not encrypt your data.
The suggestion that users disable important security warnings has wider implications than may generally be realized. Turning off that feature impacts EVERY website people go to on their computer - not just one forum.
That security feature is there in part to alert folks when they may have accidentally gone to a malicious website that was made to look just like the real Wells Fargo website perhaps. These types of alerts are meant to protect users from these sorts of weapons used by criminals to steal money and personal information every day.
Telling users to turn off browser protections like this is unethical and dangerous.
Computer users that follow this advice are unlikely to have the technical knowledge to notice a malicious website before it's too late.
These warnings give us all a way to step back and think for a moment before pressing that "Submit" button. They are important and should not be disabled.
Instead, users should ask their favorite website operators to take the small amount of time required to secure their websites and the community's private data.
Thanks for reading. :-)
NSABot