In the age of an Orwellian society, why are we allowing our ISP's and government to read our communications?

I never noticed until today, but its incredibly frustrating to know that every single message that I've been sending across NA has been unencrypted and plaintext. Some people do serious business on here and dont want others snooping in their business. By not having SSL you are enabling anyone with a packet sniffer and a trunk connection to read all of your private communications.

It seems unacceptable for any marketplace to not have encryption enabled by default.

Please consider and thank you for hearing my rant.

Always wondered the same. SSL can help.

What kind of messages could you possibly be sending that would warrant any such concern?

Maybe addresses or phone numbers?  Not sure about routing / checking account numbers.  I've never made such a large purchase.
 

Because SSL has been hacked and considered an inferior solution for years... Right now you would have to use TLS for encrypted communications. Otherwise if you used SSL, you might as well just go plain old HTTP. There are tools on the web that let you decrypt SSL using the known flaws that will NEVER be patched.

What marketplace on here?   There isn't a physical NA-hosted way to send a payment.


 

I'm sorry, is there not a buyers and sellers forum hosted here? Do people not engage on trade, which is promoted by the site via hosting the subforums?

Even if it wasn't a marketplace it's 2017 dude. I setup SSL on Apache when I was 18 years old in 2002.

Are you really going to take that route? How embarrassing.....

In regards to SSL vs to, yes, SSL is a common term and people actually do use it to mean tls 1.1/1.2 ....old habits die hard. Yes, to 1.2 would be the preferred crypto.

People exchange personal information, addresses, phone numbers and yes bank information over this site. You can expect such communication on any online marketplace.

And let's not be stupid guys. People commonly sell items on here worth more than cars. Don't be dense and pretend there are not large financial transactions going on here.

The admin should take some responsibility and do the absolute minimum to protect it's users security. If he really cannot do it and needs help, I would be happy to help. I'm not just a complainer, I'm more than willing to provide the labor and solutions if needed. But I sincerely doubt he is incapable of setting up https on the forums.....

This same question keeps me up at night.

Who is going to pay for all that considering that NA lets people buy and sell here for no cost? Dont forget this site is run off donated time and money. 

maybe if security is such a concern for you, you handle your communications outside the site. Many people have been dealing here for years with no issue. I agree internet security is of concern, but the way your brought up the idea was confrontational. 

Way to say it nicely... .

Why should NA have a SSL is my question?  

Why is it needed? 

 

Do you even read what people write before responding?

I already stated I would pay for it if it's such a problem. Setting up tls is not a 5 year engineering project dude, it's a routine quick patch. You do realize that you can setup https by default when configuring your webserver....?

It sounds like a lot of people who have no IT experience want to "defend" the undefendable. At no time should anyone ever not have privacy by default. The argument is never "why should we have this".....it's "why would we ever not have this".

When you are having a private conversation in your home, do you always put a microphone connected to a louspeaker and blare it to the neighborhood? Because that's what you are doing when you communicate on http. Asking for your private conversations *to actually be private* is not some outlandish request.

Don't argue against your best interests people.

As for being "confrontational", sorry it's a hot topic for me and I feel passionate about it. As stated, I'm here to help if needed. Hopefully that takes some sting out of my bluntness. I see the lack of https as a affront to individual sovereignty, so I take it seriously. Sure, I could go somewhere else.....if that's what you and the owner really want? I would think that's not the case however. Usually people create sites so that people will come, not the opposite.

Sounds like you're an expert on forums and SSL.

Why haven't you created your own forum yet?

I have owned and operated many sites. I am the owner of xbins.org and we were the central Xbox hacking and homebrew repository for over a decade.

I was a xbox-scene.com admin(rip).

I've managed servers with millions of unique ip's per week at a time when most people still used dial up or 1.5mbit dsl at the better spectrum.

The point is that your shitposting here does not help. My experience has no bearing upon the lack of a basic fundamental feature that every single forum should have. But it does demonstrate that I actually know wtf I'm talking about and can actually help. Unlike you, who seems to be arguing just to argue. Unlike you, I want to see NA become a better place. Because right now you are arguing to keep it a worse place.....enabling TLS is a benefit, not a degradation of quality.

Do you read before you post? If you are concerned about the security that much, communicate through email for the time being. Never did I say “go elsewhere” (which probably would do you no good considering your deals are facilitated because of the site traffic) 

I dont know anything about internet security. I use paypal, and gmail. I dont care what a 5 minute patch is, but  I do know if you phrased your OP like “ hey I realized the site communication isn’t secure, here is why and I would like to help” instead of the condecention people would be far more open to hear your suggestions. 
 

I feel like this question has come up before, but I don't recall Dain's reasoning for not having SSL.

I know that certificates used to be much more expensive, so maybe that was the original reasoning.



I'm sure Dain will see the thread and provide a response, so it would be better if everybody else just waited for the actual authority to respond rather than putting words in his mouth.

Let's keep things straight here. I also have managed many websites, I do that for a living, and I have put certs on sites many times.

Is it free? No.

Does it take much effort? No.

Is it worthwhile for users? Generally speaking, yes.

I agree with you for the most part. I think frankly the main issue here is that your passion is coming off as aggression. Even just the way you titled the post "why doesn't NA have this?", comes off as negative. I feel like if you came at this from a "listing the benefits of SSL" standpoint, you'd have gained much more traction.

Right now really all you've said is that NOT having it is "an affront", and you've been very vague and negative about the whole thing. You've used verbiage that makes it sound like you have a "greater than thou" mentality coming into this. When you say that it is "an affront to individual sovereignty", I laugh and stop listening to you.

Yes, you are correct and I should have taken a different approach. However the style of my approach does not change the facts or the needs of users.

I humbly apologize for my bluntness and ask that you ignore it and instead focus on what's right for the users of NA.

Thanks

The post title is fine.

It is direct and the to the point and asks a question worth asking.



The post itself is a self-admitted rant, though  

edit: N/M, didn't see the concession.

BTW, do people really send bank info through PMs here? I would think that would be something taken offsite, even with encryption in place.

I wouldn't be surprised if people shared information they shouldn't really share via PM.

​Though I recall a big stink being made awhile back when somebody realized that PMs weren't really private anyway since they are visible to the admins.

 

Yeah I wouldn't be sharing my bank info over pm

I've always operated on the assumption that any forum's PMs are visible by mods/admins, and since I've seen some mods (not here, but elsewhere) be less than honest, I wouldn't even think to do that.

The other info being encrypted is a legit request, but any financial stuff should be handled off of NA, IMO, regardless of how locked down it is.
 

One potential risk of an unencrypted connection is that your site password is unprotected whenever you login.

I have also configured SSL certificates and TLS v1.2, but what I don't know is how expensive it is to purchase certificates. That cost could be a limiting factor.

In life I've found working passion is much more effective than being monotone. I got y'all fired up, and that's exactly what I wanted. Hopefully we can redirect that fire towards petitioning dain to install a cert. I'm happy to donate the funds, really a basic cert is like $5 a year.

But frankly there are free options from non profits as well. These guys have issued 100m certs...

https://letsencrypt.org...