 |
|
09-02-2018, 08:17 AM
|
#1
|
|
Confused about dryer sheets
Join Date: Feb 2007
Posts: 4
|
Not Secure
Google chrome lists the web site as Not Secure??
|
|
|
 |
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
|
09-02-2018, 08:22 AM
|
#2
|
|
Administrator
Join Date: Jan 2008
Location: Land of Florida Man
Posts: 38,775
|
That's been happening a lot lately when I use Chrome. Not sure what changed, but it affects web sites I've been visiting for years.
|
|
|
|
|
09-02-2018, 08:25 AM
|
#3
|
|
Thinks s/he gets paid by the post
Join Date: Feb 2012
Location: Northern Ohio
Posts: 3,013
|
If you visit https://www.early-retirement.org (note the HTTP S) that warning should go away.
http and https are basically the same thing, except that https uses an encrypted connection - S is for "secure".
Google is on a crusade to get the web to switch over to https and it starting to report http sites are "Not Secure".
Frankly, for a site like www.early-retirement.org it's rather unimportant, but google thinks otherwise. And google is apparently in charge now.
To fix this "problem" change your bookmarks to use the https form of the URL and chrome should shut up.
|
|
|
|
|
09-02-2018, 08:27 AM
|
#4
|
|
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 15,895
|
Yes, Google is actually looking out for us, believe it or not.
HTTPS everywhere is a good start, though certainly not 100%.
Some bad guys are already finding ways to trick people into using the ordinary HTTP no 's' sites so they can put their malware to use.
__________________
The worst decisions are usually made in times of anger and impatience.
Self proclaimed President for Life of Outliers United.
|
|
|
|
|
09-02-2018, 08:35 AM
|
#5
|
|
Recycles dryer sheets
Join Date: Feb 2014
Location: SF Bay Area
Posts: 289
|
__________________
"The only function of economic forecasting is to make astrology look respectable"
- J.K. Galbraith
|
|
|
|
|
09-02-2018, 09:00 AM
|
#6
|
|
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 15,895
|
Everything should be HTTPS these days. There is no good reason for them not to be.
One must be careful, often pages that are HTTPS will open links to other pages that are not HTTPS. It's a minefield out there.
__________________
The worst decisions are usually made in times of anger and impatience.
Self proclaimed President for Life of Outliers United.
|
|
|
|
|
09-02-2018, 09:09 AM
|
#7
|
|
Thinks s/he gets paid by the post
Join Date: Feb 2012
Location: Northern Ohio
Posts: 3,013
|
 Quote:
Originally Posted by Chuckanut
Everything should be HTTPS these days. There is no good reason for them not to be.
|
I don't want to get into a debate, but I've hear pretty good arguments from security knowledgeable people that don't think every web site should necessarily migrate to https.
That being said, sites I have all use https these days (if you want a decent google ranking, you have to do this - they will derank you if you aren't using https). It's easy to do with Let's Encrypt free certs.
|
|
|
|
|
09-02-2018, 09:17 AM
|
#8
|
|
Thinks s/he gets paid by the post
Join Date: Dec 2014
Posts: 2,502
|
I go to https://early-retirement.org and it logs me in and is still https
I hover over "new posts" and I see that it shows a https link ( http://www.early-retirement.org/foru....php?do=getnew) . I click on it and I end up back with http (non-secure page). I expect the link runs some code and does not continue with the starting secure format.
|
|
|
|
|
09-02-2018, 09:26 AM
|
#9
|
|
Thinks s/he gets paid by the post
Join Date: Aug 2017
Location: Champaign
Posts: 4,260
|
My initial log in shows https:, then the https clicks off and this fills the address, I use Firefox
http://www.early-retirement.org/foru...ml#post2102443
https shows then disappears at different forums. When http is there, "not secure" shows up. So if I click on User CP, https is there, when I click on a post it disappears to "not secure."
As I'm writing this, "not secure" is there.
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
|
|
|
|
|
09-02-2018, 09:37 AM
|
#10
|
|
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 15,895
|
Yes, the Portal page uses HTTPS, but when it links to other pages on this site HTTPS is gone and we are back to 'Connetion is not Secure'. I am using FireFox with the HTTPS Everywhere add-on.
__________________
The worst decisions are usually made in times of anger and impatience.
Self proclaimed President for Life of Outliers United.
|
|
|
|
|
09-02-2018, 09:47 AM
|
#11
|
|
Thinks s/he gets paid by the post
Join Date: Aug 2017
Location: Champaign
Posts: 4,260
|
Quote:
Originally Posted by Chuckanut
Yes, the Portal page uses HTTPS, but when it links to other pages on this site HTTPS is gone and we are back to 'Connetion is not Secure'. I am using FireFox with the HTTPS Everywhere add-on.
|
So, protects, even if https prefix is not there.
HTTPS Everywhere by EFF Technologists
Featured ExtensionFeatured Extension
Encrypt the web! HTTPS Everywhere is a Firefox extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the https: prefix.
__________________
"Do not go where the path may lead, go instead where there is no path and leave a trail."
Ralph Waldo Emerson
|
|
|
|
|
09-02-2018, 09:56 AM
|
#12
|
|
Thinks s/he gets paid by the post
Join Date: Nov 2011
Posts: 3,517
|
Must be something in this for Google. As https leaves as meta data a trail of secure connections I figure it permits Google to track individual users more easily.
|
|
|
|
|
09-02-2018, 10:05 AM
|
#13
|
|
Thinks s/he gets paid by the post
Join Date: Jan 2006
Posts: 4,172
|
of the 15 tabs on my computer this AM, all except 2 have the https.
One that doesn't is ER. I don't type in any prefix for any site, just the name and the prefix is a default? Is that ? default something the site determines?
|
|
|
|
|
09-02-2018, 07:34 PM
|
#14
|
|
Full time employment: Posting here.
Join Date: Jun 2018
Location: Brisbane
Posts: 855
|
the login page is 'secure ' and the other ones i have visited here are not
i find it a little strange but i have seen this before ( in other websites ) when using Cloudflare particularly based in Asia .( but those other sites eventually solved the issue .. one way or another )
i hope this helps in any investigation of the issue
__________________
i hold the Australian listed versions of AU ( Anglo Ashanti ) , BHP , and JHG .
You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.
Samuel Levenson
|
|
|
|
|
09-03-2018, 08:45 AM
|
#15
|
|
Moderator
Join Date: Oct 2010
Posts: 10,060
|
Quote:
Originally Posted by GrayHare
Must be something in this for Google. As https leaves as meta data a trail of secure connections I figure it permits Google to track individual users more easily.
|
Do you have a reference to something that gave you that idea? I've never heard that tracking was improved with TLS protocol. Google does offer JavaScript code that any web site may choose to add to their pages the purpose of which is to gather metrics. I suppose the data from those might be more trustworthy if over a secure connection. Of course Google gives those metrics to the web site owner, but also probably finds a way to make money off it. Anyway, I just wondered how adding encryption would give the Google any more benefit.
|
|
|
|
|
09-03-2018, 08:51 AM
|
#16
|
|
Moderator
Join Date: Feb 2010
Location: Flyover country
Posts: 23,409
|
Quote:
Originally Posted by mpeirce
I don't want to get into a debate, but I've hear pretty good arguments from security knowledgeable people that don't think every web site should necessarily migrate to https.
|
Any reference to that? Doesn't seem to make sense to me.
__________________
I thought growing old would take longer.
|
|
|
|
|
09-03-2018, 09:03 AM
|
#17
|
|
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Join Date: Aug 2013
Location: Lost
Posts: 9,201
|
SSL provides a level of security (by encryption) of the communications typically between a browser and a server. It does not mean the web site is secure, just the transmission of info to/from it.
|
|
|
|
|
09-03-2018, 09:03 AM
|
#18
|
|
Thinks s/he gets paid by the post
Join Date: May 2005
Location: Portland
Posts: 1,656
|
yikes. I just checked our business site. Not secure. The main thing we use it for is to direct CC payments for invoices. But PayPal processes that. I have not had anyone complain. Better to get ahead of that issue
i better talk to "my guy"
|
|
|
|
|
09-03-2018, 10:00 AM
|
#19
|
|
Thinks s/he gets paid by the post
Join Date: Jun 2017
Location: Chicagoland
Posts: 1,127
|
That’s been happening to me recently as well with Chrome. Not here, but one site I recall was the Navy website (navy.mil).
Not secure!? Guess I’ll have to risk it. 
|
|
|
|
|
09-06-2018, 02:40 PM
|
#20
|
|
Administrator
Join Date: Feb 2007
Location: Pacific NW
Posts: 6,127
|
Quote:
Originally Posted by Chuckanut
Everything should be HTTPS these days. There is no good reason for them not to be.
One must be careful, often pages that are HTTPS will open links to other pages that are not HTTPS. It's a minefield out there.
|
The login pages here are secure (httpS) but as noted by many, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.
The primary reason for not changing the rest of the site is that we have thousands of links in posts to offsite images and content that are not https. ALL those links would break. As the www updates it will be easier to make this change but for now we would rather retain that content then break it.
|
|
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|
