Connection not private

[deadshot2]

Seems like I'm getting a new message in my browser command line when I log in to this site. To be fair some others as well.

I get an "i" in a "circle" where the "http" used to be. When I click on the circled "i" it tells me that my connection is not private.

Any ideas? I've read that it may have to do with the security certificate of the site and even that my pc's clock is set wrong. Clock is set automatically via net so I doubt that. Curious.

I'm now running Win 10 Anniversary edition with all it's updates and patches to date. Don't see any errors like this when I use "Edge", just Chrome.

[Massivedesign]

We are not running HTTPS protocol, yet.

[deadshot2]

I'm one of those that has to consult with a grand kid in order to understand a lot about computers

I could have sworn that in the past the command line used to start with http:// (without the "s") just before the "www.xxxxxx"

Just recently noticed that I now see the circled "i" which called my attention to the non private connection. Perhaps Google has made a change???

[kf7mjf]

We are not running HTTPS protocol, yet.

Great. Now the NSA can spy on us.

[lunacite]

This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.

The ONLY change that has occurred is to the browser. No security vulnerability has been detected or exposed, it just means that your connection is unencrypted. Don't use the same password you do here for any other sites.


It would be nice for SSL to be enabled.

[deadshot2]

This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.

Maybe they're doing it so they don't get the same "hack" as Yahoo.


Anyway, thanks for the explanation.

[Sinus211]

Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?

[Massivedesign]

Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:

[kf7mjf]

What about just using HTTPS Everywhere? https://www.eff.org/Https-Everywhere

I use and it's pretty nice.

[beckdw]

We are not running HTTPS protocol, yet.

Great. Now the NSA can spy on us.

Hahaha, like a little "s" is going to stop the NSA. Silly writers write silly things :D

[kf7mjf]

So says the NSA mole.

[beckdw]

So says the NSA mole.

I'm pretty sure I'd be a bad NSA mole. Saying the NSA isn't stopped by a bit of encryption is not something they would be spreading around.

[kf7mjf]

That's what you want us to believe!

[rayjax82]

Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:

Just FYI you could probably find a plug in that hashes the login info before it sends it to the server. That might be more trouble than https though. Just be aware that if you happen to login to waguns.org using open unencrypted WiFi you're sending your login info in clear text that can be easily intercepted. If you use the same password on this site that you do others you can open yourself up to other trouble.

[lunacite]

Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:

You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.