A call for HTTPS here on ATS

Hello everyone at ATS

Im not sure why the site dose not use (https) but it would sure be nice to know that there is some form of encryption between me and your servers. Also almost every site on the web now uses it.

There are services that allow for free certificates to secure your sites.
Mods and other in control at ATS take a look at lestencrypt.org

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.

Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.

Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.

Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Encryption makes using the web a lot more private and allows for some level of assurance that your communications are secure.

What do you think Members would you like to see HTTPS here on ATS? After all it is 2016

originally posted by: 3ncrypt0Rdie
Hello everyone at ATS

Im not sure why the site dose not use (https) but it would sure be nice to know that there is some form of encryption between me and your servers. Also almost every site on the web now uses it.

There are services that allow for free certificates to secure your sites.
Mods and other in control at ATS take a look at lestencrypt.org

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.

Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.

Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.

Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Encryption makes using the web a lot more private and allows for some level of assurance that your communications are secure.

What do you think Members would you like to see HTTPS here on ATS? After all it is 2016

I can see no good reason to NOT support encryption, however ATS is a public forum!

Not using (https) allows for outsiders to sniff or extract passwords and other information as it travels the wire. This is also why its a very good reason to start using it.
As far as this being a public forum; yes this is true and once again shows the important of having this technology in place.
ATS is a world of controversial subjects giving it an even greater reason to protect its users from being easily profiled by outside influences and services (ISP's and Governments). Ether way one see it; if there is a site out there that needs this as a basic protection method, ATS is certainly it.

a reply to: 3ncrypt0Rdie

I am taking a wild stab in the dark here. New user, username Encryptordie, new site in beta test phase...

Now I am not saying this is a bad thing but are you in some way affiliated to that site?

If the answer is no then my apologies, but this is a conspiracy website and I don't trust myself even.

If the answer is yes however I wonder why you didn't approach the SO with a proposal/suggestion in private?

It all seems legit on face value, but I am no master of da interwebz and such so...

a reply to: Jonjonj

Not affiliated in any way.
I suggested letsencrypt.org simply because it is usually expensive to use SSL certificates and hard to manage. Also wanted to present a free simple way to the ATS management so that there was even more reason to move in this direction, which is to use https by default.

I'm afraid there is no conspiracy to this here thread, only a call to make proper changes to secure users from common threats to freedom and security on the web.
Every time one signs onto ATS there password and traffic (Post/Reading) are in the clear for all to see that know how to look or have an interest to do so.

So in summary no this is not a promo of that site just a Call to use HTTPS here on ATS.

I am a new account, but a very long time lurker and avid reader of ATS and others.

Hope that answers anyone's questions who may think or feel this is to promote somthing, seeing that's against ATS TOS

S & F nice idea. Though, it might really put the site on the radar with intelligence other than what's already brought to it.

Sitewide SSL is not expensive and easy to implement. Google recommends it with a minimal bump in the SERPs.

A little htaccess tweaking will redirect requests to the https and provide a proper 301 to the search engines for the old http indexed URLs.

It does provide some additional webmaster issues, such as the need for image url proxies for remote hosted images in forum posts.

I have just completed converting ID for sitewide SSL. I can not wait to do the big reveal at ID with this and a host of other new enhancements.

originally posted by: 3ncrypt0Rdie
Im not sure why the site dose not use (https) but it would sure be nice to know that there is some form of encryption between me and your servers. Also almost every site on the web now uses it.

There's a couple reasons we've not adopted SSL/HTTPS.

We have a rather complicated CDN caching arrangement for our site images and member upload space. Upgrading the CDN to be SSL/HTTPS compliant (since everything on the page must be SSL/HTTPS) is a bit cost-prohitbitive right now.

Not all of our advertising providers are fully capable of SSL/HTTPS alternatives for some ads. Meaning that the number of ads available to us would be less. Even Google's AdSense, AdExchange, and Double Click for Publishers warns that HTTPS pages may have fewer ads available to it.

That being said, I have been looking into SSL/HTTPS for logged-in members, which is only about 15-20% of our average daily traffic. This might be something we roll out in 2016, but since this is all just me, I can't be definitive.

Retracted. I back away quietly now,...

a reply to: SkepticOverlord

Thanks for your response

your explanation was what I expected to get and I thank you for being open about it. However I do feel and I am sure others as well, that Revenue and security should be hand in hand.
The easiest way would to implement both (https) and (http); giving the user the ability to have there content encrypted while also being able to receive CDN traffic to create revenue on another stream would be to have separate services running side by side. Again, as both of us have said this would be costly.

I guess my main question to you and for everyone is, Why was this not part of the original business model in the beginning or to be more flexible,once (https) became ubiquitous.

And finally can anyone in ATS management that has the deciding pull about this issue, could you let us know your thoughts and what the likely hood of getting (https) is.

It really stinks that Google's AdSense, AdExchange, and Double Click, and others have made it harder to allow sites to secure there users in order to maintain a balance of revenue which is essential to all Internet services and forums.
I would hope this would not stand in the way of security in these very complex and pressing days of global surveillance and censorship.

Thanks again SkepticOverlord

a reply to: dreamingawake

Im quite certain this site is very much on the radar of the powers that be. Thanks for the S&F

originally posted by: 3ncrypt0Rdie
I guess my main question to you and for everyone is, Why was this not part of the original business model in the beginning or to be more flexible,once (https) became ubiquitous.

It hasn't been until relatively recently that processor cycles have become a cheap commodity. 12 years ago when we first migrated to our own dedicated servers, the hardware requirements and other costs for going SSL/HTTPS were beyond our means.

And finally can anyone in ATS management that has the deciding pull about this issue, could you let us know your thoughts and what the likely hood of getting (https) is.

I'm the "great decider." It will happen for logged-in user sessions, I just can't give a firm date.

It really stinks that Google's AdSense, AdExchange, and Double Click, and others have made it harder to allow sites to secure there users in order to maintain a balance of revenue which is essential to all Internet services and forums.

It's really not their fault. In the broad digital advertising ecosystem, roughly 60% of all quality ads are on the "long-tail" of things -- not major advertisers. The majors use delivery platforms that utilize both encrypted and non-encrypted protocols, but the rest do not. The major ad platforms (Google, AOL ONE, Tribal Fusion, OpenX, Rubicon, etc.) have set a date of January 1, 2017 as the deadline for all advertisers to support HTTPS, but I suspect it will end up being a moving target.

a reply to: SkepticOverlord

Thanks for your response on the matter.
I look forward to at least logging in with (HTTPS) in the near future.

But I still feel that it is a necessity overall for transmissions to your site; given the current state of things in the world with spying, surveillance, and profiling of groups and individuals.

I know everything cost money but security should still be ubiquitous.

Please updates all of us on this tread about when we may see the use of encryption on this site

a reply to: dreamingawake

not only does it raise a bright orange flag...
but (I lack an informed profile of just what https is) the recent news is that Apple refuses to release their proprietary encryption... sooooooooooo....

if ATS goes to a private & (presently Free) encryption servicer.... wouldn't that make every members web activity available to the evcryption provider but their web footprints completely invisible to all outsiders (those outside the encryption service provider) ....

the costs are not guaranteed to never be passed on to the users...
the keyhole of surveillance/data-mining/tracking is focused on the encryption provider with the 'code',,, what if China buys them out too, as they did with the premier movie outlets in the USA


NO THANKS, too many holes in that block of cheese for me

a reply to: SkepticOverlord

Its getting even easier to use SSL, here is a better entry on using the (LetsEncrypt) platform.
Has any of the AD services started to get moving on being able to use SSL to deliver there content yet?

Also how is it coming on the idea of having SSL for login?

Let's Encrypt & NginxState of the art secure web deployment Not long ago SSL encryption was still considered just a nice-to-have feature, and major services secured only log-in pages of their applications. Things have changed, and for the better: encryption is now considered a must-have, and enforced by most players. Search giant Google even takes SSL implementation into account in search results ranking. Despite the larger reach of SSL, setting up your own secure web service is still considered daunting, time consuming, and error-prone. A recent player in the field, Let’s Encrypt promises to make SSL certificates more widely available and to radically simplify the workflow of maintaining a website’s security. Combined with the powerful Nginx web server, and with some additional hardening tips, you can use it to achieve top notch security grades, rating A on the popular Qualys SSL and securityheaders.io analysers.

SITE
letsecure.me...

a reply to: SkepticOverlord
Hello Friend

When Will We be able to use SSL here on ATS?
Has there been any developments with the Ad infrastructure to make this happen.
We need to have encryption on this site especially for the login process.

+1 for HTTPS.

It would be nice to know we can post here without being tracked by the Jews, or the Muslims, or the Freemasons, or the Illuminati, or the Reptilians, or the Greys, or whoever else is supposed to be secretly running the world.

*Will we Ever have a Secure Environment here at ATS?
*Can I send my password over the wire (plz) in a way that is not in clear text when logging in?
*Is it possible I can load a page as I am researching here, and know that it is encrypted while in transit over the wire?

With everything that has happened in the last 5 years you would think this would be a priority here in a place were secrets and taboo topics are everywhere.

*Is there a purpose for keeping our traffic open for easy review?

a reply to: 3ncrypt0Rdie

Yes i remember this also

The major ad platforms (Google, AOL ONE, Tribal Fusion, OpenX, Rubicon, etc.) have set a date of January 1, 2017 as the deadline for all advertisers to support HTTPS, but I suspect it will end up being a moving target.