Useful Links

frugal_dave · 09-02-2018, 08:17 AM

Google chrome lists the web site as Not Secure??

**MichaelB** · 09-02-2018, 08:22 AM

That's been happening a lot lately when I use Chrome. Not sure what changed, but it affects web sites I've been visiting for years.

mpeirce · 09-02-2018, 08:25 AM

If you visit https://www.early-retirement.org (note the HTTPS) that warning should go away.

http and https are basically the same thing, except that https uses an encrypted connection - S is for "secure".

Google is on a crusade to get the web to switch over to https and it starting to report http sites are "Not Secure".

Frankly, for a site like www.early-retirement.org it's rather unimportant, but google thinks otherwise. And google is apparently in charge now.

To fix this "problem" change your bookmarks to use the https form of the URL and chrome should shut up.

Chuckanut · 09-02-2018, 08:27 AM

Yes, Google is actually looking out for us, believe it or not.

HTTPS everywhere is a good start, though certainly not 100%.

Some bad guys are already finding ways to trick people into using the ordinary HTTP no 's' sites so they can put their malware to use.

FireBug · 09-02-2018, 08:35 AM

https://developers.google.com/web/up...ot-secure-warn

May be part of the issue....

Chuckanut · 09-02-2018, 09:00 AM

Everything should be HTTPS these days. There is no good reason for them not to be.

One must be careful, often pages that are HTTPS will open links to other pages that are not HTTPS. It's a minefield out there.

mpeirce · 09-02-2018, 09:09 AM

Quote:

Originally Posted by Chuckanut

Everything should be HTTPS these days. There is no good reason for them not to be.

I don't want to get into a debate, but I've hear pretty good arguments from security knowledgeable people that don't think every web site should necessarily migrate to https.

That being said, sites I have all use https these days (if you want a decent google ranking, you have to do this - they will derank you if you aren't using https). It's easy to do with Let's Encrypt free certs.

bingybear · 09-02-2018, 09:17 AM

I go to https://early-retirement.org and it logs me in and is still https

I hover over "new posts" and I see that it shows a https link (http://www.early-retirement.org/foru....php?do=getnew) . I click on it and I end up back with http (non-secure page). I expect the link runs some code and does not continue with the starting secure format.

Rianne · 09-02-2018, 09:26 AM

My initial log in shows https:, then the https clicks off and this fills the address, I use Firefox
http://www.early-retirement.org/foru...ml#post2102443

https shows then disappears at different forums. When http is there, "not secure" shows up. So if I click on User CP, https is there, when I click on a post it disappears to "not secure."
As I'm writing this, "not secure" is there.

Chuckanut · 09-02-2018, 09:37 AM

Yes, the Portal page uses HTTPS, but when it links to other pages on this site HTTPS is gone and we are back to 'Connetion is not Secure'. I am using FireFox with the HTTPS Everywhere add-on.

Rianne · 09-02-2018, 09:47 AM

Quote:

Originally Posted by Chuckanut

Yes, the Portal page uses HTTPS, but when it links to other pages on this site HTTPS is gone and we are back to 'Connetion is not Secure'. I am using FireFox with the HTTPS Everywhere add-on.

So, protects, even if https prefix is not there.

HTTPS Everywhere by EFF Technologists

Featured ExtensionFeatured Extension

Encrypt the web! HTTPS Everywhere is a Firefox extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the https: prefix.

GrayHare · 09-02-2018, 09:56 AM

Must be something in this for Google. As https leaves as meta data a trail of secure connections I figure it permits Google to track individual users more easily.

kaneohe · 09-02-2018, 10:05 AM

of the 15 tabs on my computer this AM, all except 2 have the https.
One that doesn't is ER. I don't type in any prefix for any site, just the name and the prefix is a default? Is that ? default something the site determines?

Oz investor · 09-02-2018, 07:34 PM

the login page is 'secure ' and the other ones i have visited here are not

i find it a little strange but i have seen this before ( in other websites ) when using Cloudflare particularly based in Asia .( but those other sites eventually solved the issue .. one way or another )

i hope this helps in any investigation of the issue

**sengsational** · 09-03-2018, 08:45 AM

Quote:

Originally Posted by GrayHare

Must be something in this for Google. As https leaves as meta data a trail of secure connections I figure it permits Google to track individual users more easily.

Do you have a reference to something that gave you that idea? I've never heard that tracking was improved with TLS protocol. Google does offer JavaScript code that any web site may choose to add to their pages the purpose of which is to gather metrics. I suppose the data from those might be more trustworthy if over a secure connection. Of course Google gives those metrics to the web site owner, but also probably finds a way to make money off it. Anyway, I just wondered how adding encryption would give the Google any more benefit.

**braumeister** · 09-03-2018, 08:51 AM

Quote:

Originally Posted by mpeirce

I don't want to get into a debate, but I've hear pretty good arguments from security knowledgeable people that don't think every web site should necessarily migrate to https.

Any reference to that? Doesn't seem to make sense to me.

Car-Guy · 09-03-2018, 09:03 AM

SSL provides a level of security (by encryption) of the communications typically between a browser and a server. It does not mean the web site is secure, just the transmission of info to/from it.

Scrapr · 09-03-2018, 09:03 AM

yikes. I just checked our business site. Not secure. The main thing we use it for is to direct CC payments for invoices. But PayPal processes that. I have not had anyone complain. Better to get ahead of that issue

i better talk to "my guy"

CoolRich59 · 09-03-2018, 10:00 AM

That’s been happening to me recently as well with Chrome. Not here, but one site I recall was the Navy website (navy.mil).

Not secure!? Guess I’ll have to risk it.

**Janet H** · 09-06-2018, 02:40 PM

Quote:

Originally Posted by Chuckanut

Everything should be HTTPS these days. There is no good reason for them not to be.

One must be careful, often pages that are HTTPS will open links to other pages that are not HTTPS. It's a minefield out there.

The login pages here are secure (httpS) but as noted by many, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.

The primary reason for not changing the rest of the site is that we have thousands of links in posts to offsite images and content that are not https. ALL those links would break. As the www updates it will be easier to make this change but for now we would rather retain that content then break it.

Useful Links

Latest Threads

Social Knowledge Community

About Us