posted on Nov, 6 2019 @ 12:44 AM
a reply to: research100
Sure can. Mozilla, Microsoft, and Google have adopted the stance that all websites should be using HTTPS. If you're using Chrome or Firefox there
will be an info icon to the left of the URL field on your browser. It will say insecure if the site is transmitting data using standard HTTP.
Encrypt the Web
a reply to: ignorant_ape
Again, that's fine for you. Your data, your choices. If you have no problem transmitting clear data to all the ad services that are being utilized on
this site, that's your prerogative.
As to your bull crap "what's the worst that can happen?" scenario open your mind to a few simple realities. 90% of the internet uses one password for
nearly every account they create. ATS requires an email address to register, and a great deal of people will use their primary email address for
that, as well. Say, ATS leaks clear text data and user passwords are compromised by a third party, now your email address is also compromised. What's
linked to email addresses? Financial data, billing cycles for your other online memberships, netflix, hulu, all your Amazon Prime transactions, UPS,
Fedex (meaning your home address).
So lets not pretend like this is over reacting. This kind of stuff happens literally everyday. And it mostly happens because of people's attitudes
that mirror your own.
Furthermore, it's taken me less than five minutes to discover how ATS handles the user login cookies. Authenticated users have two session cookies
created when they log in. Both are transmitted in the clear and only one is hashed with what appears to be MD5. xmbuser=AnonyMason and
xmbpw=faab1e6d710ac1c3318aacbf16b9823d. Best practices for how a domain handles it's cookies suggests that no critical information should be stored in
cookies. Passwords are critical information. Brute forcing md5 hashes isn't that hard these days.
But it's cool. I'm sure all of the users on ATS are familiar with all of this. I'm sure they all know the best ways to protect themselves. Just
keep listening to roadgravel. Encryption is no big deal.