Author Topic: Secure version of the forum  (Read 56399 times)


Offline Rigby

  • Super Contributor
  • ***
  • Posts: 1476
  • Country: us
  • Learning, very new at this. Righteous Asshole, too
Re: Secure version of the forum
« Reply #150 on: February 24, 2015, 01:54:58 pm »
Encryption is becoming the default. It's not just GCHQ/NSA spying, it's ISPs being asshats and spying on users for commercial purposes and that sort of thing.

Yep, it's easy for an ISP to inject ads on unencrypted pages.  It's easy for them to monitor all of your web browsing and all content to & from your house if it is unsecured.

I sometimes think of it more like "they don't need to know" even though I'm not doing anything worth looking at.

All traffic on the internet should be encrypted all the time, imho.
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1999
  • Country: us
    • netstuff
Re: Secure version of the forum
« Reply #151 on: March 22, 2015, 01:54:59 pm »
again, https is broken here.  was working for a while, but now it's getting a gateway error of some kind.

admins, do you need to change a setting?  was there a reboot lately where a setting may not have been made non-volatile?

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5550
  • Country: us
Re: Secure version of the forum
« Reply #152 on: March 22, 2015, 07:16:02 pm »
It's a Cloudflare setting, the actual server never had https set up, and for what it's worth I just tried it and it works
 

n45048

  • Guest
Re: Secure version of the forum
« Reply #153 on: March 23, 2015, 05:19:20 am »
HTTPS works for me -- Although I don't think it always used to.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16284
  • Country: za
Re: Secure version of the forum
« Reply #154 on: April 08, 2015, 05:29:24 pm »
Resurrecting this old thread, it seems now that certain US ISPs are looking to monetise the user base by inserting advertising in the non-SSL traffic going to their customers, as a money making method.

No guesses as to which one, but you probably will be right.

Thus it probably would be a good idea to use SSL on all web pages by default, as then at least the advertising is going to actually bring in income to Dave, as opposed to going to the ISP's coffers.

Not sure I would like such an ISP, but as they often are the monopoly in an area and the choice is them, them, them or them as far as you can cast your eye it might be difficult to change ISP without moving and getting a job where they are not the incumbent.
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1999
  • Country: us
    • netstuff
Re: Secure version of the forum
« Reply #155 on: April 08, 2015, 05:47:54 pm »
sooner or later, all wise website owners WILL be enabling ssl.  some don't understand (dave really should; he's technical enough!) but the more progressive ones already are.

it's not about cost, it's not about cpu cycles, it's not about wasting bandwidth (none of those are remotely significant).

it's about having a clear uninterrupted path from you to your target destination.  as more isps go the evil way of DPI (deep packet inspection), expect more 'inserted content' on unsecured paths.

at some point, people will say ENOUGH OF THIS SHIT! and the webmasters will have no choice but to join the modern era and turn on https.

it boggles my mind that dave does not care about this.  "MY isp does not do this, why should I care about yours?" is the drift I get from his lack of caring.  what a shame.  sometimes really smart people can be stubborn for no good reason at all ;(

dave, we look forward to your joining the modern age and removing the isp's ability to change and insert content on the fly.   on the day you enable website ssl mode, I'll donate a nice chunk of change to you, as a thank-you. 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 6925
  • Country: ca
Re: Secure version of the forum
« Reply #156 on: April 08, 2015, 11:22:27 pm »
Quote from: n45048
"HTTPS works for me -- Although I don't think it always used to."
Congratulations on getting a man-in-the-middle in your browser. That is not the right certificate from the Cloudflare site. I have attached a screenshot below with yours (bogus) at the left and the proper one at the right. You can see it is the same Cloudflare web site at the chain end but the upstream certificate chain is totally different. The proper certificate was issued by a public Certificate Authority "Comodo" which can be validated up the trust chain to another public CA "UserTrust". The bogus one was from a proprietary company "Kaspersky" and it was NOT issued to Cloudflare, it was issued to you, as the "Personal" keyword suggests. Yes I know who Kaspersky is but for now keep reading.

What appears to happen in your case is your local antivirus hijacked your certificate store and installed itself at the Root, decrypting and re-encrypting your https traffic, therefore acting effectively as a man-in-the-middle between secure web sites and your browser. You are now at the full mercy of the Kaspersky firm to do with your traffic whatever they feel like today.

It was just recently that exact same type of thing caused big problems to computer manufacturer Lenovo who was installing adware on their computers. If you have not heard of it and/or want to understand how this sh!t works, google for "Lenovo superfish scandal" and read a few articles. While reading, replace "Superfish" with "Kaspersky" and you will get the picture of what's happening to you.

Yes, some people may say "Kaspersky is a well respected antivirus company so it is OK". Let me ask you though if you really feel comfortable knowing that all your online banking/shopping/passwords are now not point-to-point anymore and are being decrypted by some man-in-the-middle program on your computer and then re-encrypted before being delivered to your browser.   >:D

If you don't, I'd say look in your antivirus program settings to disable scanning https traffic, if it is possible at all, then re-check that https site certificates now point to a proper public CA and not some "personal" certificate.

As to the subject of this topic you can see with this and Lenovo case that https does not guarantee you confidentiality, it can be hijacked.

« Last Edit: April 08, 2015, 11:24:25 pm by Bud »
Facebook-free life and Rigol-free shack.
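
The issuer check described in the post above, as an added example that is not part of the original post: it compares the issuer of the certificate a client receives with the CA the site is expected to use, because a locally installed root makes an intercepting proxy's certificate validate normally. The host name, the expected-issuer list and both sample certificates are constructed assumptions.

```python
import socket
import ssl

# Issuer organisations expected for the site. The thread names Comodo as the
# legitimate public CA; treat this set as an assumption to adjust per site.
EXPECTED_ISSUER_ORGS = {"COMODO CA Limited"}

def issuer_fields(cert):
    """Flatten the nested 'issuer' tuples of ssl.getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def check_issuer(cert, expected_orgs=EXPECTED_ISSUER_ORGS):
    """Return (ok, reason). A chain that validates is not enough: a locally
    installed root makes the proxy's certificate validate too, so the issuer
    is compared with what the site is known to use."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName")
    name = issuer.get("commonName", "<no CN>")
    if org in expected_orgs:
        return True, f"issuer '{name}' ({org}) matches expectation"
    return False, f"unexpected issuer '{name}' ({org}): possible local TLS interception"

def fetch_cert(host, port=443, timeout=5):
    """Fetch the leaf certificate as this machine's trust store sees it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() format (not captured from a real host).
DIRECT = {
    "subject": ((("commonName", "site.example"),),),
    "issuer": ((("countryName", "GB"),),
               (("organizationName", "COMODO CA Limited"),),
               (("commonName", "Constructed Public Issuing CA"),)),
}
INTERCEPTED = {
    "subject": ((("commonName", "site.example"),),),
    "issuer": ((("commonName", "Kaspersky Anti-Virus Personal Root Certificate"),),),
}

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT), ("intercepted", INTERCEPTED)):
        print(label, check_issuer(cert))
```

To run it against a live site, pass the result of `fetch_cert("<host>")` to `check_issuer` and compare with the same check made from a machine without HTTPS scanning.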
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 6925
  • Country: ca
Re: Secure version of the forum
« Reply #157 on: April 09, 2015, 01:02:19 am »
Quote from: linux-works
"at some point, people will say ENOUGH OF THIS SHIT!"
I am already saying it and I use an http firewall called Safesquid. It is not too easy to set up this product but should not be much of a problem for a technical person. Good thing is once you learn it, it is quite flexible.
I have attached a screenshot of an excerpt from the log resulting from processing the eevblog home page as a sample.
Facebook-free life and Rigol-free shack.
 

Offline dsolodov

  • Newbie
  • Posts: 3
Re: Secure version of the forum
« Reply #158 on: April 09, 2015, 04:47:43 am »
I bypass my ISP's DPI by routing all traffic external to my LAN through a VPN vendor unrelated to my ISP. Some VPN vendors do not even require registration...
 

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1999
  • Country: us
    • netstuff
Re: Secure version of the forum
« Reply #159 on: May 06, 2015, 12:11:17 am »
eevblog admins: better get onboard soon or mozilla will leave you behind:


https://soylentnews.org/article.pl?sid=15/05/05/1222255

I said it many times; the web WILL be all encrypted sooner rather than later.  snowden helped a lot by informing us how wrong it was to trust the carriers/etc.

now, more sites are turning on encryption; and it looks like mozilla/firefox will help lead the way in getting people there.

guys, please turn on https - and not just via that cloud CDN stuff; that's not end to end https by any stretch.

