It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Wondering, why no HTTPS on abovetopsecret.com
page: 3share:
In case AnonyMason shows here, you don't seem to even understand what https does.
They can do that with or without. Once the data gets to the web server, it is decrypted for this site to see.
Because they have things like your IP address, your username, the password you use for this site, and potentially other personally identifiable information you store in your browser.
Without SSL/TLS and HTTPS that data is sent in clear form and will be sent to anyone ATS decides they want to share it with.
They can do that with or without. Once the data gets to the web server, it is decrypted for this site to see.
edit on 11/5/2019 by roadgravel because: (no reason given)
Very disappointing that security best practices for the users of this site are still taking a back seat to the bottom line. Not cool, Bill. The
average user of ATS doesn't understand how valuable the data is that you guys are using to generate ads and make money from. The least you guys could
do is get some CA's and set up HTTPS.
If your CDN is that much of a pain in the ass maybe it's time to switch from Secured Servers LLC to something a little more user friendly like CloudFlare or StackPath?
If you want some pro-bono consulting, feel free to ask. If I sound a little irritated it's because we're almost in 2020 and you guys are still sending cleartext user data all over the effing internet. Always happy to help my little corners of the internet operate in a more secure fashion.
If your CDN is that much of a pain in the ass maybe it's time to switch from Secured Servers LLC to something a little more user friendly like CloudFlare or StackPath?
If you want some pro-bono consulting, feel free to ask. If I sound a little irritated it's because we're almost in 2020 and you guys are still sending cleartext user data all over the effing internet. Always happy to help my little corners of the internet operate in a more secure fashion.
originally posted by: roadgravel
In case AnonyMason shows here, you don't seem to even understand what https does.
LMFAO.
a reply to: roadgravel
Not sure why this is something you want to debate so hotly.
HTTPS is literally the bare minimum a site can do to provide a safer environment for the users. Suggesting otherwise is pure ignorance.
Not sure why this is something you want to debate so hotly.
HTTPS is literally the bare minimum a site can do to provide a safer environment for the users. Suggesting otherwise is pure ignorance.
a reply to: AnonyMason
I am just pointing out you don't seem to understand what it is and what it does.
I am just pointing out you don't seem to understand what it is and what it does.
a reply to: roadgravel
(For Authentication Only)
(For Authentication Only)
edit on 5-11-2019 by Slichter because: (no reason given)
Ed - nevermind
edit on 5-11-2019 by AnonyMason because: (no reason given)
i have a question :
what is the absolute worst that can happen ?
^ the context of this is " because ATS.com = " not secure "" then xxxxxxxxxxxx could happen to me "
so what is the worst itteration of XXXXXXXXXXX ???????????
my opinion is :
" they " could spoof my account and post " as me "
to which my response is meh - it would be amusing to see how many people fail to realise that its a hacker not the real me
this user name - is really only active on ATS nowadays - it still has accounts at various places - but nothing of consequence - i is on metabunk , bad astronomy and a few other holdovers - but most things i used this sign up for a long dead
no one can use the account to upload anything to my devices remotely
so stop being paranoid - this is only a forum .
what is the absolute worst that can happen ?
^ the context of this is " because ATS.com = " not secure "" then xxxxxxxxxxxx could happen to me "
so what is the worst itteration of XXXXXXXXXXX ???????????
my opinion is :
" they " could spoof my account and post " as me "
to which my response is meh - it would be amusing to see how many people fail to realise that its a hacker not the real me
this user name - is really only active on ATS nowadays - it still has accounts at various places - but nothing of consequence - i is on metabunk , bad astronomy and a few other holdovers - but most things i used this sign up for a long dead
no one can use the account to upload anything to my devices remotely
so stop being paranoid - this is only a forum .
a reply to: research100
Sure can. Mozilla, Microsoft, and Google have adopted the stance that all websites should be using HTTPS. If you're using Chrome or Firefox there will be an info icon to the left of the URL field on your browser. It will say insecure if the site is transmitting data using standard HTTP.
Encrypt the Web
a reply to: ignorant_ape
Again, that's fine for you. Your data, your choices. If you have no problem transmitting clear data to all the ad services that are being utilized on this site, that's your prerogative.
As to your bull crap "what's the worst that can happen?" scenario open your mind to a few simple realities. 90% of the internet uses one password for nearly every account they create. ATS requires an email address to register, and a great deal of people will use their primary email address for that, as well. Say, ATS leaks clear text data and user passwords are compromised by a third party, now your email address is also compromised. What's linked to email addresses? Financial data, billing cycles for your other online memberships, netflix, hulu, all your Amazon Prime transactions, UPS, Fedex (meaning your home address).
So lets not pretend like this is over reacting. This kind of stuff happens literally everyday. And it mostly happens because of people's attitudes that mirror your own.
Furthermore, it's taken me less than five minutes to discover how ATS handles the user login cookies. Authenticated users have two session cookies created when they log in. Both are transmitted in the clear and only one is hashed with what appears to be MD5. xmbuser=AnonyMason and xmbpw=faab1e6d710ac1c3318aacbf16b9823d. Best practices for how a domain handles it's cookies suggests that no critical information should be stored in cookies. Passwords are critical information. Brute forcing md5 hashes isn't that hard these days.
But it's cool. I'm sure all of the users on ATS are familiar with all of this. I'm sure they all know the best ways to protect themselves. Just keep listening to roadgravel. Encryption is no big deal.
Sure can. Mozilla, Microsoft, and Google have adopted the stance that all websites should be using HTTPS. If you're using Chrome or Firefox there will be an info icon to the left of the URL field on your browser. It will say insecure if the site is transmitting data using standard HTTP.
Encrypt the Web
a reply to: ignorant_ape
Again, that's fine for you. Your data, your choices. If you have no problem transmitting clear data to all the ad services that are being utilized on this site, that's your prerogative.
As to your bull crap "what's the worst that can happen?" scenario open your mind to a few simple realities. 90% of the internet uses one password for nearly every account they create. ATS requires an email address to register, and a great deal of people will use their primary email address for that, as well. Say, ATS leaks clear text data and user passwords are compromised by a third party, now your email address is also compromised. What's linked to email addresses? Financial data, billing cycles for your other online memberships, netflix, hulu, all your Amazon Prime transactions, UPS, Fedex (meaning your home address).
So lets not pretend like this is over reacting. This kind of stuff happens literally everyday. And it mostly happens because of people's attitudes that mirror your own.
Furthermore, it's taken me less than five minutes to discover how ATS handles the user login cookies. Authenticated users have two session cookies created when they log in. Both are transmitted in the clear and only one is hashed with what appears to be MD5. xmbuser=AnonyMason and xmbpw=faab1e6d710ac1c3318aacbf16b9823d. Best practices for how a domain handles it's cookies suggests that no critical information should be stored in cookies. Passwords are critical information. Brute forcing md5 hashes isn't that hard these days.
But it's cool. I'm sure all of the users on ATS are familiar with all of this. I'm sure they all know the best ways to protect themselves. Just keep listening to roadgravel. Encryption is no big deal.
Because they have things like your IP address, your username, the password you use for this site, and potentially other personally identifiable information you store in your browser.
Without SSL/TLS and HTTPS that data is sent in clear form and will be sent to anyone ATS decides they want to share it with.
IP address encrypted during send using https? Really?
It is going to prevent ATS from giving it to other companies? So you think it is encrypted forever?
I don't care how ATS does this. But many people come here crying about not using https and don't even know what they are talking about.
Encrypted IP, haha.
edit on 11/6/2019 by roadgravel because: (no reason given)
a reply to: roadgravel
I didn't come close to saying that HTTPS will encrypt your IP address. Now your just twisting my words up to suit your trollery.
The ATS privacy policy clearly states that your IP address is stored and shared with third parties. I was pointing that out for the users who aren't familiar with what kind of data is stored by this website and other in general.
I didn't come close to saying that HTTPS will encrypt your IP address. Now your just twisting my words up to suit your trollery.
The ATS privacy policy clearly states that your IP address is stored and shared with third parties. I was pointing that out for the users who aren't familiar with what kind of data is stored by this website and other in general.
a reply to: AnonyMason
Read the words you posted.
You said this list of data items and then "that data is sent in clear form" but you want it encrypted.
Seems you are the one who came here to troll the subject.
Anyway, HTTPS does not prevent ATS from sharing your data.
Read the words you posted.
You said this list of data items and then "that data is sent in clear form" but you want it encrypted.
Seems you are the one who came here to troll the subject.
Anyway, HTTPS does not prevent ATS from sharing your data.
edit on 11/7/2019 by roadgravel because: (no reason given)
new topics
-
BIDEN Admin Begins Planning For January 2025 Transition to a New President - Today is 4.26.2024.
2024 Elections: 2 hours ago -
Big Storms
Fragile Earth: 3 hours ago -
Where should Trump hold his next rally
2024 Elections: 6 hours ago -
Shocking Number of Voters are Open to Committing Election Fraud
US Political Madness: 6 hours ago -
Gov Kristi Noem Shot and Killed "Less Than Worthless Dog" and a 'Smelly Goat
2024 Elections: 7 hours ago -
Falkville Robot-Man
Aliens and UFOs: 7 hours ago -
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 8 hours ago -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 9 hours ago -
Ireland VS Globalists
Social Issues and Civil Unrest: 9 hours ago -
Biden "Happy To Debate Trump"
2024 Elections: 10 hours ago
top topics
-
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 8 hours ago, 16 flags -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 9 hours ago, 14 flags -
Blast from the past: ATS Review Podcast, 2006: With All Three Amigos
Member PODcasts: 12 hours ago, 13 flags -
Biden "Happy To Debate Trump"
2024 Elections: 10 hours ago, 12 flags -
Ireland VS Globalists
Social Issues and Civil Unrest: 9 hours ago, 9 flags -
Mike Pinder The Moody Blues R.I.P.
Music: 12 hours ago, 8 flags -
What is the white pill?
Philosophy and Metaphysics: 12 hours ago, 6 flags -
Shocking Number of Voters are Open to Committing Election Fraud
US Political Madness: 6 hours ago, 6 flags -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs: 10 hours ago, 5 flags -
Where should Trump hold his next rally
2024 Elections: 6 hours ago, 5 flags
active topics
-
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs • 79 • : SchrodingersRat -
Gold and silver prices....woo hoo
History • 88 • : SchrodingersRat -
University of Texas Instantly Shuts Down Anti Israel Protests
Education and Media • 314 • : Schmoe3755 -
BIDEN Admin Begins Planning For January 2025 Transition to a New President - Today is 4.26.2024.
2024 Elections • 10 • : BingoMcGoof -
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies • 39 • : AwakeNotWoke -
Gov Kristi Noem Shot and Killed "Less Than Worthless Dog" and a 'Smelly Goat
2024 Elections • 55 • : AwakeNotWoke -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs • 10 • : Ophiuchus1 -
Big Storms
Fragile Earth • 13 • : AwakeNotWoke -
SHORT STORY WRITERS CONTEST -- April 2024 -- TIME -- TIME2024
Short Stories • 26 • : Encia22 -
Biden "Happy To Debate Trump"
2024 Elections • 50 • : Lumenari