The pub is perfectly safe!!

[Suzy]

I went to the support board and asked why the url bar is suddenly marked as unsafe. This is what they said:

Hi,

The "Not Secure" text refers to the fact that the page is http and not https. Recently there has been a push to make all pages https. Currently, ProBoards only serves pages that need to be secure over https (login and store pages) but we will be making the move to serving all pages over https in the not-too-distant future.

This isn't something you need to worry about.

So I suppose I have to believe them. If you don't feel reassured, let me know. I might have to close down the forum if this problem makes people afraid of posting.

[Miss Terri Novelle]

Well, another thing I've noticed has to do with some of the ads they serve. Occasionally, one of them (on my phone because I have settings in place to stop it on my computer) will throw a popup about my Windows installation not being safe. Now I know Proboards tries to vet the ads, but shit gets by sometimes. I also know my phone isn't running Windows, so it's clearly a shady ad, so I just close the screen and move on.

I have things in place on my computer to stop those popups, so I never get them there.

But, I've never been concerned that the forum is in any way dangerous. One thing to note, I only get those types of popups when I use Chrome on my phone. I never see them in the Firefox browser. Despite Google's assurances, Chrome is neither more secure nor is it faster than any other browser. And should anyone doubt Google's ability to tell the difference between slower and faster, one only need log into their shitty new, updated Gmail dashboard to know they haven't a clue. They tout it as faster and better when in reality, it's slower to load, laggy as hell, and more intrusive while being less intuitive than the previous version.

TL:DR: Chrome stinks.

[Suzy]

Nov 23, 2018 10:51:41 GMT -5 Miss Terri Novelle said:

Well, another thing I've noticed has to do with some of the ads they serve. Occasionally, one of them (on my phone because I have settings in place to stop it on my computer) will throw a popup about my Windows installation not being safe. Now I know Proboards tries to vet the ads, but shit gets by sometimes. I also know my phone isn't running Windows, so it's clearly a shady ad, so I just close the screen and move on.

I have things in place on my computer to stop those popups, so I never get them there.

But, I've never been concerned that the forum is in any way dangerous. One thing to note, I only get those types of popups when I use Chrome on my phone. I never see them in the Firefox browser. Despite Google's assurances, Chrome is neither more secure nor is it faster than any other browser. And should anyone doubt Google's ability to tell the difference between slower and faster, one only need log into their shitty new, updated Gmail dashboard to know they haven't a clue. They tout it as faster and better when in reality, it's slower to load, laggy as hell, and more intrusive while being less intuitive than the previous version.

TL:DR: Chrome stinks.

You're right, Laura. I'm going to use Firefox and see if that's better

[Suzy]

I just got this reply (which I believe)

Just to confirm that login, registration, and purchases are https (secure), while regular forum pages are not (http). We are working to bring https to all ProBoards forums in the not too distant future.

Please note that for the longest time all regular web pages were on http and not considered "secure", which just means they were not encrypted. There has been a push recently to make all web pages encrypted and as such web browsers are now using words "not secure" to indicate the page is http and not https. While this new indicator is serving the purpose of getting users' attention, it is also causing some unnecessary concern as some think that web pages they've been using all along have now suddenly become 'not secure'.

[djmills]

Like Laura, I have AdBlock running on my computer. It is blocking 3 ads right now. :-)
My laptop operating system is Ubuntu, and Firefox did not work correctly all the time. Buttons not showing on some pages, missing images on other pages, etc. I changed to Chromium (I think a Ubuntu version of Chrome) and everything seems to be working as it should.
At least, I can join webinars and actually see comments, etc. :-)
So... Chromium also shows "(i)Not secure | thewriterspub" etc. but it never worried me. I am sure it is more secure than Google or Facebook or Amazon storing data on us. :-)

[Suzy]

Yes, it is. And just as safe as it was a year ago.

[Suzy]

I'm having a big discussion with the proboards people. This what they're saying:

I believe there is a big misconception about what the "not secure" really means.

When the register or login link is clicked on your forum, that user is taken to OUR SECURE login page (https://www.proboards.com/login/xxxxxx) where their information is secure and encrypted, and then they are returned to the forum.

As far as participating on the forum, why would it matter that the posts they make are not encrypted, when anyone now can just read the posts without even logging in? In a sense this is basically what it means for a forum. No one is going to go to the trouble to hack your connection to read a post that they can read now with no effort. The only thing one should be concerned about is posting sensitive information in a post, but that holds true whether the forum is http or https.

You should also be aware that having a secure https site requires what is called an SSL Certificate. There is nothing stopping a malicious site from obtaining one of these certificates and being listed as "secure". In fact these scam sites go to great lengths to add all the proper logos and markings to appear as being legitimate. Sites with https should not be blindly trusted any more than a site with http should automatically not be trusted.

It's not about the secure/not secure as much as smart web practices like using a secure complex password, not sharing your login information with anyone, and learning how to recognize bogus sites.

[Miss Terri Novelle]

It sounds like Lynda got hold of one of those stupid ad things keep popping up scary messages and/or can even hijack your browser. I am betting if she used Adblock, she'd see a lot less of that type of thing. Of course, Proboards pops up a request to take it down all the time, but I feel like there's a trade off here. If you want me to stop blocking the ads you put on your pages, stop allowing ads with external popups. Most of those are against the rules anyway, but it's proof they're not being accurately policed.

My mother keeps calling me to tell me she's getting a notice from Microsoft that her computer is at risk and she needs to call a phone number. I keep telling her it's a scam.

[djmills]

Yes, I get the Microsoft calls here in Australia. I laugh then advise them I am a MCSD, then say a lot of other qualifications I have. As soon as I say any Microsoft Certification qualifications, whether developer or system administrator, they hang up. Or sometimes I string them along, pretending I am turning on my computer, opening a browser page, and pretending I am entering the address they say I have to go to, after I unplug my internet cable. I love hearing the clicking sounds as they try to enter my computer, and swapping staff to try and get me to do other things. I can drink a whole cup of coffee before I get sick of stringing them along, and hang up. :-)

Tell your Mum that Microsoft never, ever, ever, calls anyone who uses Microsoft operating system software. :-)

[Miss Terri Novelle]

Oh, I have. Multiple times, but she still calls to check.

[Daniel]

Google is behind this mess in the first place. They sent out a notification a couple of years ago that sites without encryption would get dinged in search engine results or not be crawled at all. So now everyone has to get a security certificate and encrypt every page on any site that collects "sensitive" user information (even a simple email list sign-up form). In the meantime, they've updated Chrome to scare users away from sites that don't comply. If I didn't know better, I'd think they were in the security cert business.

It's a drag because certs are expensive and putting encryption on pages that don't collect sensitive user information is a giant waste of Internet resources. Encryption bulks up the amount of data transmitted by 2-4 times. Most people have high-speed connections these days, but that's no excuse to just blow off efficiency.

[quinning]

Nov 24, 2018 8:25:26 GMT -5 Daniel said:

Google is behind this mess in the first place. They sent out a notification a couple of years ago that sites without encryption would get dinged in search engine results or not be crawled at all. 

Asking honestly, is the pub not being crawled a bad thing? Because it seems to me not being indexed by Google gives at least a modicum of privacy, yes?

[scdaffron]

Nov 24, 2018 8:25:26 GMT -5 Daniel said:

It's a drag because certs are expensive and putting encryption on pages that don't collect sensitive user information is a giant waste of Internet resources.

Security certs aren't necessarily expensive. Our WordPress blogs had to be switched from http to https and our hosting company has some sort of shared certificate and they did it automatically. The bad news is that it made all our URLs change, but we fixed that with a redirect. My guess is that when Proboards finally updates they'll have some type of shared thing that will cover all the free boards like this one.

I use Chrome with two ad blockers (AdBlock and AdBlock Plus). I also have a Flash blocker called Flash Control and an extension that disables HTML5 autoplay. In the address bar, it says "not secure" but I don't care since everything seems to work okay.

[Daniel]

Nov 24, 2018 9:45:12 GMT -5 scdaffron said:

Security certs aren't necessarily expensive. Our WordPress blogs had to be switched from http to https and our hosting company has some sort of shared certificate and they did it automatically. The bad news is that it made all our URLs change, but we fixed that with a redirect. My guess is that when Proboards finally updates they'll have some type of shared thing that will cover all the free boards like this one.

The free certs like the ones we have on our WordPress sites work fine for encryption, but they don't offer "trust" because anyone can apply one to their site. There's no validation that we are who we say we are (the cert doesn't even list an organization name), and there's no trusted authority in the certificate hierarchy. In other words, we'll never have the little green lock on those sites. But for now, it keeps Google happy enough. I think encryption was all they were really after.

[Daniel]

Nov 24, 2018 8:34:07 GMT -5 quinning said:

Nov 24, 2018 8:25:26 GMT -5 Daniel said:

Google is behind this mess in the first place. They sent out a notification a couple of years ago that sites without encryption would get dinged in search engine results or not be crawled at all. 

Asking honestly, is the pub not being crawled a bad thing? Because it seems to me not being indexed by Google gives at least a modicum of privacy, yes?

I understand what you're saying, and I agree that getting search engine love is not really what we are after. We just don't want users being scared away by browser security warnings.

[Pru Freda]

Nov 24, 2018 11:00:09 GMT -5 Daniel said:

Nov 24, 2018 8:34:07 GMT -5 quinning said:

Asking honestly, is the pub not being crawled a bad thing? Because it seems to me not being indexed by Google gives at least a modicum of privacy, yes?

I understand what you’re saying, and I agree that getting search engine love is not really what we are after. We just don’t want users being scared away by browser security warnings.

To be fair, it wasn’t just the “not secure” notice, it was that coupled with the pop-up that scared me away. Yes, we have Avast, yes, we have an Ad blocker. Lord knows what other security that Sir has loaded on “my” computer, but that pop-up still got through, and more than once.

I shall continue to lurk for a few days more, before I decide whether to start posting more frequently.

[elephantsbookshelf]

I hated having to pay more to have my wordpress site deemed "safe." Major PIA, if you ask me, and a blatant moneygrab. But, like most everyone else, I had to do it. My site had gone down.

[Miss Terri Novelle]

I was able to use the free cert from my hosting company and just change the .htaccess file to force the site to open in https:// but for my daughter's site, which I also host, there's still a warning that some images might not be safe and I have to to in and fiddle with things. I have not had the time.

ETA: I just fixed it and it was easy. I had to add the s to the address for all the images on the page. I'm sure I'll have to do it for more than that page. Or have Erin log in and do it. But the home page is now secure.

[Alan Petersen]

Nov 24, 2018 8:25:26 GMT -5 Daniel said:

Google is behind this mess in the first place. They sent out a notification a couple of years ago that sites without encryption would get dinged in search engine results or not be crawled at all. So now everyone has to get a security certificate and encrypt every page on any site that collects "sensitive" user information (even a simple email list sign-up form). In the meantime, they've updated Chrome to scare users away from sites that don't comply. If I didn't know better, I'd think they were in the security cert business.

It's a drag because certs are expensive and putting encryption on pages that don't collect sensitive user information is a giant waste of Internet resources. Encryption bulks up the amount of data transmitted by 2-4 times. Most people have high-speed connections these days, but that's no excuse to just blow off efficiency.

My web host offers SSL encryption for free (as part of their web hosting package), so I was able to easily switch websites from http to https since Google is on a rampage and encryption is now part of their search algorithm (according to SEO experts).

I use SiteGround. But seems most of the other major web hosts are offering SSL certs for free so check with your web host, you might have this already offered as a featured. It's easy to set up right from cPanel.

[Daniel]

Dec 6, 2018 15:11:49 GMT -5 Alan Petersen said:

Nov 24, 2018 8:25:26 GMT -5 Daniel said:

Google is behind this mess in the first place. They sent out a notification a couple of years ago that sites without encryption would get dinged in search engine results or not be crawled at all. So now everyone has to get a security certificate and encrypt every page on any site that collects "sensitive" user information (even a simple email list sign-up form). In the meantime, they've updated Chrome to scare users away from sites that don't comply. If I didn't know better, I'd think they were in the security cert business.

It's a drag because certs are expensive and putting encryption on pages that don't collect sensitive user information is a giant waste of Internet resources. Encryption bulks up the amount of data transmitted by 2-4 times. Most people have high-speed connections these days, but that's no excuse to just blow off efficiency.

My web host offers SSL encryption for free (as part of their web hosting package), so I was able to easily switch websites from http to https since Google is on a rampage and encryption is now part of their search algorithm (according to SEO experts).

I use SiteGround. But seems most of the other major web hosts are offering SSL certs for free so check with your web host, you might have this already offered as a featured. It's easy to set up right from cPanel.

Right. As I said up-thread, we're using the free cert from our hosting company, but all that cert does is offer encryption, not identification. It's enough to keep Google happy for now, but if Google get excited about site identity verification, those free certs won't be enough. I'm not going to worry about that, though. May never happen.