chancer
10/11/13 05:39PM
SSL support for the website
Hey admins, is there any plan to introduce HTTPS support for browsing the hub? Not an outright request for it, mind you, just wanted to know if it was on the books for the future.

Yours - the chancer
Vanndril
10/11/13 07:56PM
Never gave it any thought.

I'm very inexperienced with most things involving websites, to be honest. The most I've ever done was fumble around w/ HTML and use free hosts until I tried to set up this site. I had to even look up what SSL was (for shame. I used to know, too). :P

Anyway, it's an encryption for data being sent from and to a website, right? Packet encryption? I'm honestly not too sure why we'd need this. The only thing I imagine we'd have to even mildly worry about would be cookie information being sent across the connection, which I imagine would be easy to figure out user/pass info from, if sniffed. But even that isn't much of a threat, since there's no real reason to want anyone's account except the admins'. And since I'm keeping backups ANYWAY, that's STILL not much of a problem, as any problems caused can be mended.

Which reminds me. I should update the backup.
Stem_Cell
10/12/13 01:18AM
Yeah, the only reason we'd need SSL is for the admins. Even then, you'd have to know where Vanndril, Mindwipe or Lost+Name live, wait for one of them to connect to their admin accounts on a public wi-fi, and get their passwords that way (or get a job at their ISP, NSA or similar, or hack their router, which is actually <<en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Security|easy as fuck for most routers because of a massive vulnerability on their protocols>> (requires physical proximity) and would be what I'd do).

Frankly, <<xkcd.com/1269/|overkill>>.
chancer
10/13/13 05:25PM
I completely agree that if the sole purpose of HTTPS was to stop sniffing admin passwords, then this is definitely overkill. However (and I am probably the only one) I am irked by the thought of everything I do on this site travelling through the literally 15 different computers to reach here, while being completely readable and cache-able to all of them.

I completely understand that you're not going to be all "THIS SSL THING - WE MUST HAVE IT" because of this post, and it won't make me stop coming to this site (it's fucking fantastic - been wanting a place like this for years), but I just thought I'd see what was on the roadmap. Thanks for your time guys :)

Yours - the chancer
Vanndril
10/13/13 08:19PM
I can totally understand your concerns, but I don't think it warrants the cost of SSL certificates and whatever loops need to be jumped through to get it set up. Us admins are broke. XD

Besides, aren't you maybe being just a little bit paranoid? ;)

chancer said:
[...](it's fucking fantastic - been wanting a place like this for years)[...]

You and every one of us. :P

chancer said:
Thanks for your time guys :)

Anytime. You'll find that we're a surprisingly sociable bunch.
Stem_Cell
10/13/13 11:07PM
Vanndril said:
I don't think it warrants the cost of SSL certificates

Probably that would be the most significant thing, and I believe Slayerduck is the only one with SSH (command line) access to the server, so we'd have to bug him to set it up too.

One alternative is to communicate to the site using <<www.torproject.org/|Tor>>. Yes, it could still be intercepted after the exit node, but nobody would be able to link it to your machine.
chancer
10/14/13 04:27PM
Vanndril said:
Besides, aren't you maybe being just a little bit paranoid? ;)


Of course I'm being a little bit paranoid - I work in information security :). Also I would personally recommend NOT using Tor (for those who are considering it) - especially since www1.icsi.berkeley.edu/~n...ichtCriminalComplaint.pdf happened. As far as I can see it just screams "I'm doing illegal things". But that's just my two cents :)

Yours - the chancer
Vanndril
10/15/13 03:01AM
chancer said:
Of course I'm being a little bit paranoid - I work in information security :)

Ahhhhhh....
That explains EVERYTHING. XD


I betcha I can guess without reading it.
Someone using Tor got caught.
If I'm right, then it brings back memories of a debate I had with a certain someone over the security of Tor. :P If I'm wrong, then I don't see how it's relevant. o.O Care to elaborate in a summary so I don't have to read that whole thing? XD

Stem_Cell
10/15/13 05:37AM
As to the safety of Tor, and the above boring PDF.

The guy, Ross William Ulbricht, was using Tor to sell drugs on Silk Road using Bitcoin. He was one of many, I'm pretty sure. The one time I visited Silk Road out of curiosity, I left that place in a bit of horror at how easily those guys seemingly operate.

He was not convicted because he used Tor. Tor itself remains entirely safe even if you misuse it (this means that if you only use it for legal things, you're 1000% safe).

It turns out that, like in almost all cases involving FBI and cyber patrolling, police rely on great stupidity on the part of the criminal.

<<www.slate.com/blogs/futur...rflow_question_under.html|Slate>> said:
[...] here’s the facepalm-worthy part: According to the criminal complaint, Ulbricht posted [<<stackoverflow.com/questio...service-using-curl-in-php|a question on StackOverflow>>] using his own real name. Less than one minute later, he changed his username to “frosty.” And then, one assumes, banged his head against a hard wall several times.


I'm entirely open to the possibility of Tor being broken. <<web.archive.org/web/20101...l/cybercrime/cryptfaq.htm|I wondered the same thing>> about TrueCrypt in the past. But I'm pretty confident that law enforcement is largely composed of incompetent thick skulled thugs with even less morals than brain cells.

In other words, my current beliefs are: the government will come at your door if you build an 80 million dollars online drug-dealing empire while making stupid mistakes.
Anno1404
10/15/13 11:33AM
Stem_Cell said:
In other words, my current beliefs are: the government will come at your door if you build an 80 million dollars online drug-dealing empire while making stupid mistakes.

As it says in the news here the American government could pretty much need this money itself as it is bankrupt xD
chancer
10/15/13 04:40PM
Not specifically because the tor protocol has been backdoor-ed or anything, but because it's pretty easy to tell over a decent period of time whether or not somebody is using tor. The fact that they could be doing some 'dodgy shit' could be then inferred from this, and legitimate traffic sniffed 'to protect the public' blah blah blah

Stem_Cell said:
He was not convicted because he used Tor. Tor itself remains entirely safe even if you misuse it (this means that if you only use it for legal things, you're 1000% safe).


The beauty of tor is also that you can't prove you weren't doing 'dodgy shit'
Stem_Cell
10/15/13 05:31PM
chancer said:
Not specifically because the tor protocol has been backdoor-ed or anything, but because it's pretty easy to tell over a decent period of time whether or not somebody is using tor. The fact that they could be doing some 'dodgy shit' could be then inferred from this, and legitimate traffic sniffed 'to protect the public' blah blah blah

The beauty of tor is also that you can't prove you weren't doing 'dodgy shit'

Yes, all of that is true.

Still, using Tor by itself is not illegal. And again, even if you "commit stupid (privacy-wise) mistakes", if you're not some kingpin, why should you care? They still can't snoop on your Tor traffic.

My point is that Tor is like the blind spot of the government surveillance. You can be doing whatever you want there - not necessarily illegal things. You can just use it because you don't want your activities to be recorded, it's perfectly normal to desire privacy. And most of the time you won't be bullied by the government without some traces of due process.

Heck, I was bullied by police for no reason and I really wasn't doing anything. There's no way to be really "safe", and Tor is as safe as riding elevators or cutting vegetables, just much more interesting.
Anno1404
10/16/13 02:56AM
Stem_Cell said:
[...'words'...] Tor is as safe as riding elevators or cutting vegetables, just much more interesting.


But the wire cable of the elevator could crack and at cutting vegetables you could cut yourself :P
Stem_Cell
10/16/13 05:35AM
Anno1404 said:
But the wire cable of the elevator could crack and at cutting vegetables you could cut yourself :P

That's kinda my point, yes.