posted on Mar, 5 2020 @ 04:13 PM
I'm astonished to see that this site, a conspiracy site etc, a home for the paranoid etc would be served via unencrypted HTTP only.
I was going through my saved passwords to delete stuff I don't use anymore and remembered this site.
I believe no one has not heard of the Snowden revelations and how the NSA and others are saving every bit of traffic that is transfered over the
internet. But they can't, at least not easily, decode encrypted traffic.
Also encrypted traffic, via https, also verifies that the content that came from one source is authentic and has not been tampered with.
Whereas unencrypted traffic like coming from this site right now is.. let's put it like this, if the NSA would be interested in targeting anyone as a
man-in-the-middle attacker, which they're absolutely capable of doing, a website like this would be a good source.
In the past one might've said, "Hey a x509 certificate is expensive, we don't have the money". There's letencrypt. It's mature, automated and
You could also say, "Our webserver can't handle the load", to which I'd say "Don't host on a potato". I get it, PHP is a slow language that
doesn't scale very well, but I believe the secrecy of your user's password is more important than neglible overhead via https enryption.
Well, of course one should use a dedicated password for every new location. But the reality is different. People are still using the same password for
multiple sites. I wouldn't be surprised if you even stored those passwords in clear text, given that the need to encrypt the traffic between your
server and your visitors is not being done.
I don't think I have to explain any more. https should be default, always.