Sciencemadness Discussion Board - HTTPS now available

HTTPS now available

Polverone - 10-5-2005 at 18:59

It is now possible to access sciencemadness over HTTPS as well as HTTP. The <A HREF="http://www.sciencemadness.org/">main page</A> now has a link enabling HTTPS access to the forum. Unfortunately, the HTTPS connection currently works only for sciencemadness.org, not www.sciencemadness.org. I'll try to figure out how to get that fixed in the near future. Since I generated my own certificate instead of paying for one from a well-known certificate authority, you'll have to put up with a browser warning when using the HTTPS link for the first time at least. Ordinary HTTP access should not be affected.

BromicAcid - 10-5-2005 at 19:04

I just love the certificate information

I’ll probably end up using HTTPS access all the time even though I have no paranoia simply because it seems neat, great work Polverone!

cyclonite4 - 11-5-2005 at 06:49

It's great we have HTTPS access, I see the funds are going to good use. It wouldnt really matter to me whether I use HTTPS or not, but I might as well because it was payed for (expect some contribution after I have bought my Organic Chem equipment

).

Welcome to the forum Madandcrazy, try to clean up on the 'engish' a bit.

denatured - 12-5-2005 at 00:14

What is the difference between https and http?

neutrino - 12-5-2005 at 02:26

https is encrypted, http isn't.

denatured - 12-5-2005 at 12:27

Sorry for the stupid question , but who is the protected one ... the site or the users viewing it?

Organikum - 12-5-2005 at 12:51

Did you ever hear of Google? Go and search for HTTP and HTTPS at Google when you have such questions thats really not to much demanded.

/ORG

cyclonite4 - 12-5-2005 at 17:24

Organikum, help him a bit more by directing him to this this link

chemoleo - 12-5-2005 at 17:45

Oh comon.
This isn't scienceharshness board.
I didnt know about it either.
Of course I could look it up. But I could look up one zillion things, and still not know all.
Much easier just to post a quick explanation here, no?

This is predominantly a chem board, so don't expect extraordinary computer literacy here.

Seriously, chill. I don't like the harsh tone that's sprung up here lately. Nor do I like the increasing amount of bullshitting/pointless posts here of late.

[Edited on 13-5-2005 by chemoleo]

some explanation

Polverone - 12-5-2005 at 18:10

Here's more or less what I sent Chemoleo when he asked about HTTPS:

Using HTTPS means that the traffic between the server and your computer is encrypted. This means that nobody can see exactly what you read or post by looking at the packets being sent back and forth between your computer and the server. Of course it's still possible to see what you're doing if the security of your computer or the server is compromised: HTTPS protects only the information in transit. It is also possible for an outsider to see that your computer is communicating with the sciencemadness server, though the outsider will not know the contents of those communications.

Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to imagine that they now monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that national security services would care about what people post here, the idea that monitoring may occur is enough to make some people itch for encryption. With strong encryption like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the communications between the sciencemadness server and your PC. If a security or law enforcement agency cared enough to target sciencemadness, they could easily compel Micfo to grant them access to the server. Encryption protects us only against opportunistic communications intelligence, because I don't have full control over the server or the PCs connecting to it.

HTTPS does not hide your IP address. HTTPS does not make your U2U messages any more secure on the server. It will protect information in transit against snooping by the rare dedicated hacker or the (likely far more common) automatic information scanning-and-pattern-matching tools used by governments. I am always happy to throw a few grains of sand in the gears of surveillance machinery, so I have enabled HTTPS access for this site. It's a tiny gesture, but better than nothing.

Edit: if you search for echelon and "UKUSA agreement" as I have suggested, you may stumble across some wildly speculative pages. Be wary if the author is trying to warn you about UFOs and mind control as well as spy agencies. Although the system that people call echelon attracts a certain amount of kook-speculation, I am sure that the basic technology is quite real and in active use.

[Edited on 5-13-2005 by Polverone]

Madandcrazy - 26-5-2005 at 06:33

HTTPS traffic can be a filter for paged links
which spaming out your informations which you typed in.

It is my opinion too, it is a seriously chem board, no dicussion for internet security.

Advisable, using a separat browser or computer for the certificate informations

More sand in the gears

wa gwan - 26-5-2005 at 11:04

Anyone interested in protecting their anonymity and security online should also consider using JAP
, or Tor in combination with Privoxy.
The Jap servers act as a proxy fetching pages on your behalf (the target site will see Japs IP requesting the pages not yours) and provides encryption between your machine and their servers, so your ISP can't see the content of the traffic to-and-fro nor it's destination and origin.

Tor in combination with Privoxy is essentially the same thing except each program performs the functions seperately, Privoxy acting as the proxy and Tor acting as the encrypted 'mix'. Both programs can be used independently.

Jap can be used in combination with Tor for the really paranoid.

Polverone - 7-4-2006 at 11:38

Quote:

Originally posted by Polverone
Why bother with encryption? The US National Security Agency in cooperation with Australian, Canadian, and UKian intelligence/security services monitored international telephone and telegraph communications over satellite links and cables for many years. The monitoring was often with the direct and secret collaboration of the communications providers, even when such activity was officially illegal (the laws in the US, at least, have changed to legitimize it now). Similar activity probably continues today. See The Puzzle Palace for further details about the historical arrangements, or try searches like "Echelon" or "UKUSA agreement" on your favorite search engine. It's a natural extension to imagine that they now monitor internet traffic by special arrangement with the major Internet backbone providers. Although it seems unlikely that national security services would care about what people post here, the idea that monitoring may occur is enough to make some people itch for encryption. With strong encryption like that now offered here, it's impossible for the NSA or any other party to lazily intercept and scan the communications between the sciencemadness server and your PC.

Nearly a year ago, when I wrote these words, I felt a little embarassed almost immediately afterward. It would take a massive technical effort to process backbone internet traffic wholesale and would be illegal too. I was just letting my imagination run wild, right? Maybe not. I'm happier today than I have ever been before that I paid the few extra dollars it took to offer SSL on this site.

wa gwan - 8-4-2006 at 12:36

Most times I'm trying to find something on this site I search google for it because the site search engine isn't very good. And often I click on the links google gives me without thinking. The google links are all http not https. All your search engine traffic is coming in unencrypted.

Thats OK (for me) because I always torify my connection so it doesn't matter if I browse this site with or without SSL. My ISP can't see a damn thing not even the web addresses and my IP can't be lifted from a log should a site/server be compromised.

SSL cert is being changed

Polverone - 3-5-2006 at 22:39

Our certificate is about to expire and I'm generating a new one. Do not be alarmed by the new certificate.

Mason_Grand_ANNdrews - 15-7-2006 at 11:11

I`ve a comment to the HTTPS. Some days ago i tried to download a attachment. The attachment could be downloaded in unencrypted connection only. I don`t know what the reasons are ?