Site not secure - request for a certificate

Post your feedback, thoughts, questions and ideas on the main site here.
User avatar
lobster
*
Posts: 34
Joined: 20 Sep 2014, 10:20

Site not secure - request for a certificate

Post by lobster »

Hi,

I noticed that both http://boundanna.net and http://bounanna.com are not encrypted and secured by a certificated. The forum traffic, subsequently, is also visible 'on the line'. Given the topic and, much understood, need for privacy on the web, I would like to request a certificate be placed on both domains and all services.

To request these certificates, please consider the service https://letsencrypt.org/. It is well know, supported, respected and, perhaps best of all, free.

Thanks

edit: it looks like there already was a topic for this - http://forum.boundanna.net/board/viewto ... f=3&t=8086
User avatar
bound_jenny
Moderator
Posts: 10268
Joined: 09 Dec 2007, 12:37
Location: Montreal, Canada, Great Kinky North

Re: Site not secure - request for a certificate

Post by bound_jenny »

This is an open forum anyway. Anyone, even non-members, can read posts made here. Though this could be viewed as a disadvantage security-wise (though I don't think anyone here is using their true offline identity as their user name - which isn't recommended in any case), there is an advantage that people seeking a community like ours to share their kink can discover it and read a little before deciding to join.

Nearly twelve years ago, that was my case (as it was for many).

I don't have any issues with this forum not being encrypted. I have no private information stored here, and not even in my own computer! That's security 101 - don't leave your information lying around for ill-intentioned people to pick up.

Jenny.
Helplessness is a doorway to the innermost reaches of the soul.
If my corset isn't tight, it just isn't right!
Kink is the spice of life!
Come to the Dark Side - we have cookies!
User avatar
Shannon SteelSlave
Moderator
Posts: 6531
Joined: 03 Feb 2019, 19:49
Location: New England, USA

Re: Site not secure - request for a certificate

Post by Shannon SteelSlave »

I just saw Bing [Bot] reading this. They're onto us already. Why does Yandex [Bot] like self bondage discussions anyway?
Bondage is like a foreign film without subtitles. Only through sharing and practice can we hope to understand.
A Jedi uses bondage for knowledge and defense, never for attack.
I am so smart! I am so smart! S-M-R-T!....I, I mean S-M-A-R-T!
👠👠
User avatar
lobster
*
Posts: 34
Joined: 20 Sep 2014, 10:20

Re: Site not secure - request for a certificate

Post by lobster »

Hi Jenny,

thanks for you reply.
bound_jenny wrote:This is an open forum anyway. Anyone, even non-members, can read posts made here.
I appreciate this forum being open and accessible for non-members. This is how I also started, and I think many can relate. However, this seems like a separate discussion and line of argument, unrelated to the use of HTTPS. There is nothing in HTTPS that prevents non-members of browsing the public and open forum, or search engines indexing its content. These certificates don't encrypt data at rest, they encrypt data in-transit and assure users they visited the site they intended - the little green lock in the url bar is sign sign of confidence people come to expect..

I agree with your statement and good advice not to store any personally identifiable information on the site. But there are scenario's where your tech-savvy roommate or the free-wifi in the neighbourhood monitors internet traffic. Leaving users exposed without their direct knowledge. Having a certificate on your website mitigates these Man-In-The-Middle attacks.

Lastly, Google and all major browser vendors are already penalising non-https sites [1]. This because, as an individual site, the information leakage might be benign, it is often the combination of different sources that result in harm. The penalties come in the form of giving this website a lower rating in search results, making it harder for new users to find, and/or displaying a warning message prior to opening, scaring new users away. I feel both go directly against your interest of having an open forum and the desire to accommodate non-members in their journey.

[1] https://www.youtube.com/watch?v=cBhZ6S0PFCY
User avatar
bound_jenny
Moderator
Posts: 10268
Joined: 09 Dec 2007, 12:37
Location: Montreal, Canada, Great Kinky North

Re: Site not secure - request for a certificate

Post by bound_jenny »

Shannon SteelSlave wrote:I just saw Bing [Bot] reading this. They're onto us already. Why does Yandex [Bot] like self bondage discussions anyway?
Some are goo-goo for Google{Bot]s...

Not quite as tasty as Cocoa Puffs, but you can only be coo-coo for them. You can't be goo-goo for them.

Unlike Cocoa Puffs, the Google[Bot]s don't appreciate being soaked in milk. :mrgreen:

Jenny.
Helplessness is a doorway to the innermost reaches of the soul.
If my corset isn't tight, it just isn't right!
Kink is the spice of life!
Come to the Dark Side - we have cookies!
User avatar
Shannon SteelSlave
Moderator
Posts: 6531
Joined: 03 Feb 2019, 19:49
Location: New England, USA

Re: Site not secure - request for a certificate

Post by Shannon SteelSlave »

Why don't they stick to their own species (sort of) and just browse software?
Thanks for tolerating my 'bot fears again. Should be a few months until they flare up again.
Bondage is like a foreign film without subtitles. Only through sharing and practice can we hope to understand.
A Jedi uses bondage for knowledge and defense, never for attack.
I am so smart! I am so smart! S-M-R-T!....I, I mean S-M-A-R-T!
👠👠
Sergio
***
Posts: 255
Joined: 26 Mar 2016, 17:07
Location: UK, London

Re: Site not secure - request for a certificate

Post by Sergio »

I'll echo what lobster wrote. It's not a dealbreaker for me because I control the internet connection and access sites of a personal nature from a dedicated virtual machine but it could affect others.

Without HTTPS someone with access to the router logs would be able to tell not just which computer accessed which site and when but what pages they looked at and potentially for how long. If you access from work or a public internet that would be the network administrator, at home the person who manages the internet (parent, spouse).

WIth HTTPS they would only be able to see the IP address of the server hosting the site (which could also be hosting many other sites) and potentially the original DNS lookup. With secure DNS on the horizon even that won't be possible.

Depending on how this site is hosted adding a certificate could be very straightforward and with LetsEncrypt now accepted by most browsers, there would be no expense. Feel free to pm if you'd like technical advice.
User avatar
anna
Site Admin
Posts: 1842
Joined: 06 Mar 2006, 22:42
Location: European Union
Contact:

Re: Site not secure - request for a certificate

Post by anna »

lobster wrote:I noticed that both http://boundanna.net and http://boundanna.com are not encrypted... (cut short and edited by Anna)
Hi Lobster! Thanks for your post. I have traditionally been rather negative to any form of encryption but I have understood that it would be good to have. The last year I have experimented trying to get encryption to work for BA by pulling on levers, pushing buttons and generally messing up settings. As you can see I have been somewhat less than successful in my adventures to add that extra S in the address bar. I guess that what it comes down to is that our host simply do not want to offer the service we need without getting paid for it. So where we stand as this moment is that yes, encryption is planed but currently there is no money for it*. (Also note, yes it might be wise to change host to a better more friendly host but this is a gigantic project and I can not do this at this time.)


(*Anyone who have been visiting this dark corner of the web for a while will have noticed something that has changed in these forums. Advertising. BA has always been run with the philosophy that it should pay for itself with the help of as non-intrusive advertising as possible. This no longer works and we have reached a situation where the future of the whole website is in question unless things improve.
Big hugs to all those who have made and continue to make this website possible, it would not be here without you.)
A glass of water longing for the ocean.
User avatar
Shannon SteelSlave
Moderator
Posts: 6531
Joined: 03 Feb 2019, 19:49
Location: New England, USA

Re: Site not secure - request for a certificate

Post by Shannon SteelSlave »

anna wrote: So where we stand as this moment is that yes, encryption is planed but currently there is no money for it*. (Also note, yes it might be wise to change host to a better more friendly host but this is a gigantic project and I can not do this at this time.)
we have reached a situation where the future of the whole website is in question unless things improve.
Big hugs to all those who have made and continue to make this website possible, it would not be here without you.)
Anna, whatever you need from me, please ask. Anything within my abilities, or even outside of them, as I really don't know my own strength as of yet. I have played many roles around here, some natural, some I had to learn, and some I had to put on a new face to accomplish, and have learned a lot.
Lobster, I hope my attempt to break the tension with humour was not ill-received. Shannon salutes you :hi:
Bondage is like a foreign film without subtitles. Only through sharing and practice can we hope to understand.
A Jedi uses bondage for knowledge and defense, never for attack.
I am so smart! I am so smart! S-M-R-T!....I, I mean S-M-A-R-T!
👠👠
User avatar
anna
Site Admin
Posts: 1842
Joined: 06 Mar 2006, 22:42
Location: European Union
Contact:

Re: Site not secure - request for a certificate

Post by anna »

Shannon SteelSlave wrote:Anna, whatever you need from me, please ask. Anything within my abilities
Thanks. You are already doing loads of simply being an active member here. There are loads of friends of this site that is doing lots to keep it running. I do not ask that anyone should do anything more or less than they do now. The issues will either sort themselves out or they will not, future will tell. The way this site is run rely on active members who share their ideas with the rest of us and a small amount of passive non members who might instead take an interest in any of the external websites advertised. Everyone above the age of 21 is welcome here and you all contribute in different ways. :hi:
A glass of water longing for the ocean.
User avatar
Shannon SteelSlave
Moderator
Posts: 6531
Joined: 03 Feb 2019, 19:49
Location: New England, USA

Re: Site not secure - request for a certificate

Post by Shannon SteelSlave »

Might I ask for your help on my latest crazy scheme? Should be fun. I promise.
Bondage is like a foreign film without subtitles. Only through sharing and practice can we hope to understand.
A Jedi uses bondage for knowledge and defense, never for attack.
I am so smart! I am so smart! S-M-R-T!....I, I mean S-M-A-R-T!
👠👠
User avatar
anna
Site Admin
Posts: 1842
Joined: 06 Mar 2006, 22:42
Location: European Union
Contact:

Re: Site not secure - request for a certificate

Post by anna »

Shannon SteelSlave wrote:Might I ask for your help on my latest crazy scheme? Should be fun. I promise.
Send me a PM and we will see what can be done.
A glass of water longing for the ocean.
User avatar
lobster
*
Posts: 34
Joined: 20 Sep 2014, 10:20

Re: Site not secure - request for a certificate

Post by lobster »

Hi Anna,

thanks for your comments in the discussion. It's a shame to learn the hosting party is charging for what is essentially a commodity these days.

One other option to consider is to put cloudflare.com in front of the site. Cloud Flare offers a lot of networking tools, optimisations and protection. And they also support Flexible SSL - this allows a secure HTTPS connection between the visitor and Cloudflare, but forces Cloudflare to connect to your origin web server over unencrypted HTTP. An SSL certificate is not required on your origin web server and visitors will still see the site as being HTTPS enabled.

Perhaps less ideal, as the content is only partially encrypted, but it does protect users during the most vulnerable leg of their journey. Cloud Flare has a free plan that can be used and has no problem with adult content.

@Shannon no worries, thanks :)

Here is a relevant part in the CF documentation - https://support.cloudflare.com/hc/en-us ... SL-options
User avatar
anna
Site Admin
Posts: 1842
Joined: 06 Mar 2006, 22:42
Location: European Union
Contact:

Re: Site not secure - request for a certificate

Post by anna »

lobster wrote:One other option to consider is to put cloudflare.com in front of the site.
Thanks, that looks interesting.
A glass of water longing for the ocean.
KinkInSpace
*****
Posts: 2141
Joined: 24 Dec 2015, 16:11
Location: Netherlands

Re: Site not secure - request for a certificate

Post by KinkInSpace »

Does your hoster not even support the free and open-source "Lets Encrypt"? Even the free webhosting services have lets-encrypt support nowadays.

For me it kind of is a dealbreaker to not have SSL support because more and more browsers start to actively reject non-https sites and it is a security risk when it comes to intercepting someone's username and password, which is the whole reason everyone and everything is migrating to SSL nowadays.
Formally known as Slave_L.
I'm not yet very comfortable expressing my love for kink from my private life. I will therefor hide behind my username KinkInSpace and not allow any connections to who I really am. I'm sure you'll understand.
Post Reply