SSL Certificate, please add this.

[Aderm]

I've seen other threads on this, and it was denied because it costs money.
Thing is, cloudflare provides a free ssl in their Security tab.

Why SSL?
It's secure. It encrypts logins and data transmitted between the user and server.

What about external images using HTTP?
Xenforo has an image proxy built right into it, find it:
Settings > Options > Messages > Image and Link Proxy

Please, please add this. It's so simple and gives extra security.

 

[Khaled E.]

Facebook / Twitter / Google makes over $50,000 a day from their advertisements and stuff. If you don't believe me, read "Ask.com's posts on this, they've posted this with proof"

50k only?
That is like 1500k
Which seems pretty low for that kind of companies :/

 

[lAkjtzAZ0]

do you have any idea how this works? google chrome isn’t marking sites insecure randomly.

non HTTPS sites are marked as "not secure" by chrome. Doesn't matter how secure it might be, it's marked as insecure if it's HTTP and collects any data, and even warns you about entering any personal information.

 

[Mamba]

50k only?
That is like 1500k
Which seems pretty low for that kind of companies :/

Alright tons of things wrong with this statement

First off wdym "50k only" 50 grand is a ALOT OF MONEY not to mention that is a estimate to what they make each day

sometimes they might make 75 grand that day sometimes they make 45. either way 50 grand is a lot of money.

Secondly, 1500k isnt a number my man. (think before you type something you will regret)

Anyways my input on this is Mc-Market security should be secure but I doubt this site is TARGETED by people who can actually be a possible threat to this site so it really wouldn't be a problem for now im sure mc-market is safe, but i'm still new so if the site is growing at a rapid paste you should look into this more.

 

[Aderm]

Anyways my input on this is Mc-Market security should be secure but I doubt this site is TARGETED by people who can actually be a possible threat to this site so it really wouldn't be a problem for now im sure mc-market is safe, but i'm still new so if the site is growing at a rapid paste you should look into this more.

I've seen 10 playerbase minecraft servers get targeted, anywhere can get targeted.

 

[Mamba]

I've seen 10 playerbase minecraft servers get targeted, anywhere can get targeted.

Yeh i understand that but what im saying is people who target the site most of the time aren't even a threat to this site i'm sure Mc-Market has a more superior security than the average site.

 

[Khaled E.]

Alright tons of things wrong with this statement

First off wdym "50k only" 50 grand is a ALOT OF MONEY not to mention that is a estimate to what they make each day

sometimes they might make 75 grand that day sometimes they make 45. either way 50 grand is a lot of money.

Secondly, 1500k isnt a number my man. (think before you type something you will regret)

Anyways my input on this is Mc-Market security should be secure but I doubt this site is TARGETED by people who can actually be a possible threat to this site so it really wouldn't be a problem for now im sure mc-market is safe, but i'm still new so if the site is growing at a rapid paste you should look into this more.

Yes 50k only for a company this large is very low
And according to some searchs I did
Facebook makes over a few millions a day it was making like 3 million 5 years ago
And I believe it is alot more than 5 million a day now

 

[Ajdin]

There's still no reason to make another thread about this. It's been suggested several times.

At the moment, there's 11 pages of suggestion threads. I'm sure there isn't need for another suggestion which has been discussed thoroughly several times. All points and arguments have been made previously by notable members and everything is just being repeated now. Hence why the majority of these threads don't even get decent responses anymore. It's simply not worth typing a large informative response due to the threads being ignored by the management of this site.

SSL should definitely be a thing, yes. However I don't have a lot of confidence in it. The implementation isn't that hard however I'm looking at this bug with avatars that's been around for a few days. It's somewhat funny that this still hasn't been dealt with. If they can't even get proper avatars working in a decent timespan, why do you think they would prioritize something such as SSL even though it's been suggested so many times. The worst part, we actually haven't gotten any decent response from the management yet.

In terms of bugs, there's been many in the past and it just takes really long for them to be resolved. Priorities aren't really set straight I think.

their download buttons have a "Create a server" feature

In my opinion, that's a pretty unfriendly way of advertising. While it may not matter much for getbukkit, MC-Market has a much stronger and closer community. It's not okay to mislead your users in such a similar way.

As for the rest of your post, I don't think much more can be done about ads on this site. The majority of the members have premium/supreme which are adfree. So implementing more ads (which might have a huge impact on the user experience of free members) is not worth it.

Relying on only banners could also have a very distinct advantage. They'd be able to counter adblockers. If you host the client's banners on your own site, I severely doubt that AdBlockers would start blocking images on your site, which could allow for a high conversion rate, especially since more people would be exposed to these advertisements.

Actually, it's fairly easily to block ads with adblock filters, hosted externally or on the same site, it doesn't matter. The question is, at this point you're pretty much having an ad-war with your users. Is that something you want? Adblocks don't block individual sites/servers for small sites just like that. Simply not worth it. They also rely on different techniques like naming CSS properties and such. E.g, having "advert" as a CSS property name or folder name might end up blocked on some adblocks automatically. That same way you can apply custom filters.


I don't think removing adsense would make the site die or make it even come close to that. From what I remember, less than 20% of the revenue is spent on actual costs. Adsense is only a fraction of that revenue if we talk in numbers.

That's a pretty big profit margin if you ask me and plenty of space to play around with.

Also, stop discussing if this site needs SSL or not. Any site that transmits any sort of user data needs SSL. In the EU, it's required by law to have SSL if you're transmitting login/user data.

That reminds me, is MC-Market working on GDPR implementation? A set of privacy laws set by the EU to protect EU Citizens in terms of data privacy & security. No matter where your business is situated, if you're processing data from EU Citizens, you're required to follow a set amount of laws. Enforcement starts somewhere in May '18 if I remember correctly and this is actually pretty serious since it's the first serious law change on user data protection & privacy since 1995. I'm sure we'll see some enforcement on the host providers their end eventually too so I wouldn't take this too lightly. Major companies such as Google, Microsoft, Amazon, etc are already enforcing it. Both my companies will too eventually. Anvilnode.com soon(since it's a bit more complicated), my local IT company already enforces it.

 

[matthewp]

Mick should just stop making up bullshit excuses for not adding it.

 

[matthewp]

I'm kind of on the same boat with Justis. IDRK why you guys actually care lol. It would look nice and cool to have a green lock with the word "Secure" next to the url, but it's not that big of a deal. This isn't Facebook or Twitter. No one is going to get your phone number. contacts, and nudes. They're all safe. Sometimes i think you guys just start threads like this just to get a big conversation going.

"It's not that big of a deal.", some Countries are enforcing HTTPS on sites that handle user-data, also it actually encrypts the data from the client to the back-end/data from the back-end to the client. It's not for having a green lock cause it looks cool, its because there is a security risk not having it. Also, web browsers like chrome say things to not put personal information into the site because of it.

 

[Ajdin]

I'm kind of on the same boat with Justis. IDK why you guys actually care lol. It would look nice and cool to have a green lock with the word "Secure" next to the url, but it's not that big of a deal. This isn't Facebook or Twitter. No one is going to get your phone number. contacts, and nudes. They're all safe. Sometimes i think you guys just start threads like this just to get a big conversation going.

You have no idea how easy it is to snoop network traffic. I'm legit able to capture all requests you make with your phone if I'm on the same network as you if the site you're browsing isn't using SSL. All I need for this is Android with superuser access.

For me, this isn't a problem since I usually use a VPN when on public networks.[DOUBLEPOST=1507846149][/DOUBLEPOST]

I know what SSL is/does. I'm just saying this isn't Facebook. MCM isn't asking for your mother's full name, your exact location including the zip and address. It's not asking for any of your "personal" data. You guys pay attention to the smallest things. Calm down. No one is going to steal your nudes.

You're transmitting your email and password. Enough reason to have SSL.

 

[Ajdin]

Aight man. Ima just wait for Mick to deny this and go about my day. Cya later.

So what's your argument? We shouldn't discuss this because Mick denies it? Or you're too pussy to provide good arguments because Mick will deny it?

I know Mick most likely won't implement SSL just like he hasn't implemented many things. But so what? I like voicing my opinion and sharing my knowledge where needed. Not something you should bitch about.

 

[bigthicc]

one day a fine programmer said adding <ssl /> tag to your html head makes your website impenetrable

 

[matthewp]

I'm not bitching lol. My point was you're not sharing any personal data. This isn't a hosting company where you have to enter in your credit card information. MCM isn't asking for access to your contacts. Like you said. Your most personal piece of data you have on this site would be the email, and you're giving away your email when you business on site everyday so why does that matter. Password? Oh yeh. Get my password because i totally use the same password for my Gmail, PayPal and Chase. Linking your Skype and Discord. That's data you put for everyone to see. Adding your location. I'm sure almost every user on this site wouldn't put down their physical mailing address.

Email, Password (People tend to use the same one for everything), Account Upgrades, etc. Still, there is no reason not to have SSL cause the positives MAJORLY out weight the negatives.

 

[Ajdin]

C'mon Mr. "I love to express my opinion". If you're gonna dislike. At least reply or are you too pussy lol?

You didn't really provide anything constructive in your whole post so there's no point. The thing I could have touched on is that not everyone uses a different password for every site but as matthewp covered that already, I saw no point in repeating as that wouldn't contribute to thread. It would just be another useless post, like the one I'm responding to at the moment.