Have fucking https

[Binner]

Hi MCM,

I don't like sending non encrypted data at all - Especially when it's login stuff.

MCM is massive, so I'm wondering: Why the fuck is there not an SSL cert?

You can literally put a self signed ssl cert on the server then enable full ssl on cloudlfare

Please explain,

Jack

 

[Fire]

http://www.mc-market.org/threads/112499/
http://www.mc-market.org/threads/122340/
http://www.mc-market.org/threads/148877/
http://www.mc-market.org/threads/102782/

Been suggested quite a number of times before.

 

[Binner]

"don't want to"

then i'm gonna leave this site if they don't want to encrypt my fucking personal info


UGHHHH

 

[Ajdin]

then i'm gonna leave this site if they don't want to encrypt my fucking personal info

Okay? Leave then? No need to announce it here.

Even though I agree:
This has been suggested several times as stated above and you should use the search feature instead. Also, just an fyi, using the word "fuck" every post/sentence doesn't make you cool. It makes you look like a LQ shitposter.[DOUBLEPOST=1504127047][/DOUBLEPOST]

That'a a terrible excuse.

It's not an excuse, it's a fact. Basic English stuff

 

[Binner]

Okay? Leave then? No need to announce it here.

Even though I agree:
This has been suggested several times as stated above and you should use the search feature instead. Also, just an fyi, using the word "fuck" every post/sentence doesn't make you cool. It makes you look like a LQ shitposter.[DOUBLEPOST=1504127047][/DOUBLEPOST]
It's not an excuse, it's a fact. Basic English stuff

i am a shitposter tho

 

[Ajdin]

i am a shitposter tho

Being a shitposter still doesn't prevent you from using the search feature instead of double posting threads.

 

[Ivain]

HTTPS is not just encrypting personal info. I was planning to make a very detailed suggestion on the reasons to get HTTPS, but I lacked the time to do all the proper research.
Cut very short, a main thing is that while on a HTTP connection, your ISP can see what you're doing on a site, and thus basically spy on you no matter what you're doing or whether or not you're in incognito mode (so yes, your ISP would know your tastes if they cared to check). This is not immediately obvious as a reason for MCM to have it, but in the hobbyist research I've been doing it seems a lot of the reasons to NOT get HTTPS (which I believe I agreed with in the past) are not actually true.

This is why my post would need to be so detailed, because it includes some research as well as quotes from public infosec experts. Expect it in the next week or so.

 

[lAkjtzAZ0]

If I remember correctly they tried HTTPS for a short time before, and one reason that was listed a while back had something to do with not being able to make as much money with ads so I assume that's still got something to do with it.

 

[Ivain]

If I remember correctly they tried HTTPS for a short time before, and one reason that was listed a while back had something to do with not being able to make as much money with ads so I assume that's still got something to do with it.

Ah yes, it might have been something with visits dropping or something. Anyway, in a month or two, everyone with updated firefox/chrome will receive a warning upon logging into the site, which might deter a lot of new users too.

 

[omarhachach]

HTTPS is not just encrypting personal info. I was planning to make a very detailed suggestion on the reasons to get HTTPS, but I lacked the time to do all the proper research.
Cut very short, a main thing is that while on a HTTP connection, your ISP can see what you're doing on a site, and thus basically spy on you no matter what you're doing or whether or not you're in incognito mode (so yes, your ISP would know your tastes if they cared to check). This is not immediately obvious as a reason for MCM to have it, but in the hobbyist research I've been doing it seems a lot of the reasons to NOT get HTTPS (which I believe I agreed with in the past) are not actually true.

This is why my post would need to be so detailed, because it includes some research as well as quotes from public infosec experts. Expect it in the next week or so.

From a more technical standpoint: With the amount of requests each of MCM's pages send, HTTPS could enable a "new" (it's quite old at this point) protocol called HTTP/2, what it does is route all the requests through one TCP pipeline.
This means that it only opens one request to each host, so it doesn't have to do one whole roundtrip for each of the many requests MCM has.

This could lead to a noticable speedup, even with the slowdown TLS comes with.

Still doubt it will get implemented, with the amount of times it has gotten rejected.

 

[Trump]

Agreed.

 

[Phewo]

Agreed.

http://usetheagreebutton.com/

 

[Trump]

http://usetheagreebutton.com/

http://alreadydidthat.com

 

[Phewo]

http://alreadydidthat.com

It's an actual website. xD

 

[Trump]

It's an actual website. xD

LOLOLOL[DOUBLEPOST=1504128206][/DOUBLEPOST]

It's an actual website. xD

That's actually hillarious who made that?

 

[Phewo]

LOLOLOL[DOUBLEPOST=1504128206][/DOUBLEPOST]
That's actually hillarious who made that?

Mick

 

[poncethecat]

Troy Hunt wrote a really good article about this a few months ago, shutting down all arguments against using HTTPS.
His Article: https://www.troyhunt.com/dont-take-security-advice-from-seo-experts-or-psychics-neil-patel/
Relevant Website: https://doesmysiteneedhttps.com/

 

[Ivain]

Troy Hunt wrote a really good article about this a few months ago, shutting down all arguments against using HTTPS.
His Article: https://www.troyhunt.com/dont-take-security-advice-from-seo-experts-or-psychics-neil-patel/
Relevant Website: https://doesmysiteneedhttps.com/

Ah, this was one of the articles I was gonna quote in my own post, good job.