HTTPS/SSL - Local Privacy I'm Willing to Pay For
I'd love for AI to have, at least, their forum protected with SSL. I've even be willing to pay for this premium option.
Also, have you seen that Google is giving a Page Rank boost to those that use SSL?
[LIST]
[*] http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
[/LIST]
Also, have you seen that Google is giving a Page Rank boost to those that use SSL?
[LIST]
[*] http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
[/LIST]
Comments
Any particular reason? It obviously wouldn't hurt, but it doesn't seem like forum transactions are especially sensitive in terms of content.
For security and privacy. Do you not think that Facebook or Twitter usage shouldn't use SSL? I do, and yet pretty much any single comment I make on either isn't really going to be a sensitive comment. I am anonymous on this site for a reason but I have revealed plenty of personal info about myself over the years. That's simply a fact of participating in a community. Really anything that can keep someone unaware of your activity would be nice.
Agreed, but FB and Twitter are a bit more far reaching since you can use those credentials to sign into numerous other sites and services. AI is just a single discussion site, and the information that you post to AI is public as soon as you post it anyway, but clearly someone could steal your login details, which would be a nuisance at least. Extra security and privacy is always good - I was just surprised that you would be willing to pay for that extra security on this site.
I'm not talking about the login, even though that info could be stolen and be an issue for people that still use the same password for every site, but just general info on what I view and post.
Fair enough. As I said, privacy and security is always good but, at least for me, not significant enough to pay extra for on a public forum. The chance that someone intercepts my LAN traffic and figures out that I'm posting on AI doesn't bother me very much.
Not a huge concern for me as I am posting, but I'd pay a small annual stipend to have that capability.
If you used the same password for an email account, that could be some cause for concern but you'd really have to be using public wifi and that should be encrypted using an SSL proxy anyway.
This would be up to Huddler to implement but they use load-balanced servers and host multiple sites. There isn't a single dedicated server to install a certificate on. Facebook and Twitter have their own data centers dedicated to just their sites. You generally need a dedicated IP per SSL certificate otherwise you have to use SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication ). The SSL costs plus dedicated IP (possibly multiple IPs) and effort implementing it is probably more than the site wants to deal with.
The real solution to this is to migrate to protocol-level encryption ( http://ipv6.com/articles/security/IPsec.htm ). It shouldn't require a certificate to enable SSL. The certificate is just intended to verify that you are who you say you are as verified by a 3rd party but they hand them out casually so that part of them isn't particularly important.
That's too bad.