HTTPS/SSL - Local Privacy I'm Willing to Pay For

Posted:
in Feedback edited October 2014
I'd love for AI to have, at least, their forum protected with SSL. I've even be willing to pay for this premium option.

Also, have you seen that Google is giving a Page Rank boost to those that use SSL?

[LIST]
[*] http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
[/LIST]

Comments

  • Reply 1 of 8
    muppetrymuppetry Posts: 3,331member
    solipsismx wrote: »
    I'd love for AI to have, at least, their forum protected with SSL. I've even be willing to pay for this premium option.

    Also, have you seen that Google is giving a Page Rank boost to those that use SSL?

    Any particular reason? It obviously wouldn't hurt, but it doesn't seem like forum transactions are especially sensitive in terms of content.
  • Reply 2 of 8
    solipsismxsolipsismx Posts: 19,566member
    muppetry wrote: »
    Any particular reason? It obviously wouldn't hurt, but it doesn't seem like forum transactions are especially sensitive in terms of content.

    For security and privacy. Do you not think that Facebook or Twitter usage shouldn't use SSL? I do, and yet pretty much any single comment I make on either isn't really going to be a sensitive comment. I am anonymous on this site for a reason but I have revealed plenty of personal info about myself over the years. That's simply a fact of participating in a community. Really anything that can keep someone unaware of your activity would be nice.
  • Reply 3 of 8
    muppetrymuppetry Posts: 3,331member
    solipsismx wrote: »
    muppetry wrote: »
    Any particular reason? It obviously wouldn't hurt, but it doesn't seem like forum transactions are especially sensitive in terms of content.

    For security and privacy. Do you not think that Facebook or Twitter usage shouldn't use SSL? I do, and yet pretty much any single comment I make on either isn't really going to be a sensitive comment. I am anonymous on this site for a reason but I have revealed plenty of personal info about myself over the years. That's simply a fact of participating in a community. Really anything that can keep someone unaware of your activity would be nice.

    Agreed, but FB and Twitter are a bit more far reaching since you can use those credentials to sign into numerous other sites and services. AI is just a single discussion site, and the information that you post to AI is public as soon as you post it anyway, but clearly someone could steal your login details, which would be a nuisance at least. Extra security and privacy is always good - I was just surprised that you would be willing to pay for that extra security on this site.
  • Reply 4 of 8
    solipsismxsolipsismx Posts: 19,566member
    muppetry wrote: »
    Agreed, but FB and Twitter are a bit more far reaching since you can use those credentials to sign into numerous other sites and services. AI is just a single discussion site, and the information that you post to AI is public as soon as you post it anyway, but clearly someone could steal your login details, which would be a nuisance at least. Extra security and privacy is always good - I was just surprised that you would be willing to pay for that extra security on this site.

    I'm not talking about the login, even though that info could be stolen and be an issue for people that still use the same password for every site, but just general info on what I view and post.
  • Reply 5 of 8
    muppetrymuppetry Posts: 3,331member
    solipsismx wrote: »
    muppetry wrote: »
    Agreed, but FB and Twitter are a bit more far reaching since you can use those credentials to sign into numerous other sites and services. AI is just a single discussion site, and the information that you post to AI is public as soon as you post it anyway, but clearly someone could steal your login details, which would be a nuisance at least. Extra security and privacy is always good - I was just surprised that you would be willing to pay for that extra security on this site.

    I'm not talking about the login, even though that info could be stolen and be an issue for people that still use the same password for every site, but just general info on what I view and post.

    Fair enough. As I said, privacy and security is always good but, at least for me, not significant enough to pay extra for on a public forum. The chance that someone intercepts my LAN traffic and figures out that I'm posting on AI doesn't bother me very much.
  • Reply 6 of 8
    solipsismxsolipsismx Posts: 19,566member
    muppetry wrote: »
    Fair enough. As I said, privacy and security is always good but, at least for me, not significant enough to pay extra for on a public forum. The chance that someone intercepts my LAN traffic and figures out that I'm posting on AI doesn't bother me very much.

    Not a huge concern for me as I am posting, but I'd pay a small annual stipend to have that capability.
  • Reply 7 of 8
    MarvinMarvin Posts: 14,834moderator
    muppetry wrote: »
    The chance that someone intercepts my LAN traffic and figures out that I'm posting on AI doesn't bother me very much.

    If you used the same password for an email account, that could be some cause for concern but you'd really have to be using public wifi and that should be encrypted using an SSL proxy anyway.

    This would be up to Huddler to implement but they use load-balanced servers and host multiple sites. There isn't a single dedicated server to install a certificate on. Facebook and Twitter have their own data centers dedicated to just their sites. You generally need a dedicated IP per SSL certificate otherwise you have to use SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication ). The SSL costs plus dedicated IP (possibly multiple IPs) and effort implementing it is probably more than the site wants to deal with.

    The real solution to this is to migrate to protocol-level encryption ( http://ipv6.com/articles/security/IPsec.htm ). It shouldn't require a certificate to enable SSL. The certificate is just intended to verify that you are who you say you are as verified by a 3rd party but they hand them out casually so that part of them isn't particularly important.
  • Reply 8 of 8
    solipsismxsolipsismx Posts: 19,566member
    Marvin wrote: »
    The SSL costs plus dedicated IP (possibly multiple IPs) and effort implementing it is probably more than the site wants to deal with.

    That's too bad.
Sign In or Register to comment.