Jump to content

Always force HTTPS on nsaneforums


DrGopnik

Recommended Posts

I noticed that even though I put HTTPS in my URL-bar, whenever I click a link nsaneforums would force HTTP_ again.

 

1_normal_link.png.a4cf04d51b5fc2c98b6309756c53ff71.png

 

Now everyone should only post when HTTPS is on for security reasons, else "they" know your username and what you posted.

 

There are many browser addons that force HTTPS to be on, however the EFF approved HTTPS Everywhere is the most popular one. Sadly by default it doesn't recognize nsaneforums, so here is how to add a new rule:

 

2_add_rule.png.e1a2ef14ac4a98863efc790c7b52de44.png

 

When you do this you always will use HTTPS on nsaneforums, protect your username and make your ISP / government not be able to read what you post!

 

3_be_safe.png

 

Be safe friend, always encrypt!

 

Link to comment
Share on other sites

  • Replies 20
  • Created
  • Last Reply

What do you mean? It is real HTTPS aka Transport Layer Security v1.3, which is the strongest encryption on the world wide web right now.

 

safe.png.4e2c73022a31f50dc784ba15c55863b3.png

 

https://anonym.to/?https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3

 

Link to comment
Share on other sites

What I am saying is my knowledge is low. Help me understand how Nsaneforums got https without the admins using a ssl certificate? 

I thought a website can have https only when they have a ssl certificate. 

Link to comment
Share on other sites

1 hour ago, h3Ct0R said:

What I am saying is my knowledge is low. Help me understand how Nsaneforums got https without the admins using a ssl certificate? 

I thought a website can have https only when they have a ssl certificate. 

Issued to: sni27985.cloudflaressl.com
Issuer
CN = COMODO ECC Domain Validation Secure Server CA 2
O = COMODO CA Limited
L = Salford
S = Greater Manchester
C = GB

Valid from: ‎01 ‎June ‎2018 03:00:00 to: 09 ‎December ‎2018 02:59:59 (GMT +2 Summer Time, ie GMT +3)

DNS Name=*.nsanedown.com
DNS Name=*.nsaneforums.com

This certificate is OK.

PS! But here is one small problem with the fact that this license is incorrectly installed.

Link to comment
Share on other sites

  • Administrator

One, yes, we have HTTPS on the forums which is handled not by us but through somewhere else and two, it's specifically not enforced as it breaks the forums. I'm expecting that the future version of the IPB might not have this problem with HTTPS and we will actually be able to enforce it. Till then, we suggest members to not use it.

Link to comment
Share on other sites

On 7.6.2018 at 12:02 PM, DrGopnik said:

There are many browser addons that force HTTPS to be on, however the EFF approved HTTPS Everywhere is the most popular one. Sadly by default it doesn't recognize nsaneforums, so here is how to add a new rule:

 

2_add_rule.png.e1a2ef14ac4a98863efc790c7b52de44.png

 

When you do this you always will use HTTPS on nsaneforums, protect your username and make your ISP / government not be able to read what you post!

 

3_be_safe.png

 

 

 

I am wondering about the plugin, In my version (in Firefox) there is no option to add new rules

 

du744o2ggvxdjn3rf.jpg

Link to comment
Share on other sites

54 minutes ago, truemate said:

that attachment in 1st post... which browser/addon is that

 

Firefox with HTTPS Everywhere:

EFF official site:
https://anonym.to/?https://www.eff.org/https-everywhere
Addons Mozilla:
https://anonym.to/?https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
Chrome store:
https://anonym.to/?https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en

 

32 minutes ago, Togijak said:

I am wondering about the plugin, In my version (in Firefox) there is no option to add new rules

Oh I should have told this! Thanks for your comment. You must first load the site manually into https before you can add new rules.

 

On 6/7/2018 at 3:15 PM, DKT27 said:

[... cut...]not enforced as it breaks the forums[... cut...]

Yeah there can be rarely problems with maybe liking posts, or code tags must be inserted manually. I dunno.

 

 

Link to comment
Share on other sites

1 hour ago, DrGopnik said:

Oh I should have told this! Thanks for your comment. You must first load the site manually into https before you can add new rules

 

I try in Vivaldi and Firefox but the option to add a rule is not given on nsaneforums

Link to comment
Share on other sites

Your efforts to do so is completely unnecessarily, it does not work anyway.

You can put the head under the sand, like the ostrich does, and then may think that nobody will see him, but of course, this doesn't help to hide him fully
https is only sign what shows that protection is used, nothing else. And if the protection/encryption is correctly installed, it turns absolutely always http to https automatically.

Why should you see https if it is not there, there is no encryption and you, like user, will not be able to do anything other, than to choose whether to continue or not to continue using.

And even if it is there, it will not be protect anyone, and not by any way - it is once again one method of making money for somebody.

On the Internet can not anyone protect you, except something, what is between your two ears. Of course, if you have two ears and between of them is something.

Link to comment
Share on other sites

  • Administrator
On 6/8/2018 at 11:22 PM, DrGopnik said:

Yeah there can be rarely problems with maybe liking posts, or code tags must be inserted manually. I dunno.

 

Loading more content on the Unread Content page for example does not work in HTTPS.

 

Also, I personally found the above famous addon to be using a lot of memory, I find this to better I think.

Link to comment
Share on other sites

Why not just use VPN to force HTTPS on nsane forums? VPN is already in use so no need for addon or extensions.

 

Link to comment
Share on other sites

  • 4 weeks later...
On 6/11/2018 at 6:45 PM, Rusty said:

Why not just use VPN to force HTTPS on nsane forums? VPN is already in use so no need for addon or extensions.

 

 

A VPN only encrypts between the target PC and the VPN provider. If I access a website with HTTP through a VPN they may not see my IP, but they see what I am doing. Also most VPN providers will hand out data, no matter what they tell their customers.

 

On 6/9/2018 at 12:43 PM, Kalju said:

https is only sign what shows that protection is used, nothing else. And if the protection/encryption is correctly installed, it turns absolutely always http to https automatically.

 

Wrong, if https is used the data is concealed. No government sees which topic I am reading right now, no government sees which name I post under, no government knows what I download. They only see encrypted TLS1.x packages and two IPs. However what the person does on the site is hidden. Sorry but I have to say that you should please read a book about cryptography and what it does.

 

I'm completely shocked how anyone can claim HTTPS is useless and fail to understand the mathematics behind it. Possibly the worst FUD I've seen this month.

Link to comment
Share on other sites

1 hour ago, DrGopnik said:

I'm completely shocked how anyone can claim HTTPS is useless and fail to understand the mathematics behind it. Possibly the worst FUD I've seen this month.

EnCt2dd78943d312dddee0eda52e075c6c661f4a5d670dd78943d312dddee0eda52e0uFK/mtbrJgD
PHqIHPVs+2F7sI9IMGqkkHLawlHMlFNxjIewo+5bf/5VsOWjP7QbI4YvBfjjyzxmNJ7YiwGzWCAqt/PT
7y7ja9rN4QAC3f0Ya9gR3FryMyStxYdWA2bbuYhlvLeCJ+7EZCm/i4it6xslS5HjMK6jo2ZifYnnc0hL
raXezkjfatDw9R9kRErDEJsJyn95Tb88SAfrK36TUjfDqeHCF3gvzRQoqsXRDSYQ3Vyyu3xpYafPqVE9
Sf4jetvxEk+rPR4oyvVP31B0Z4SeM8dhQNmMiNsRDNdLl6mkBS5bqZqFRL1WvDMt2OS5sMCbNzyX3irS
ToWYY3AMBIUOE1DhCcxy1OfbrU/AlN4xPs6+4rLgYVy/l/ti+KT8EKcO32Q==IwEmS

Link to comment
Share on other sites

13 minutes ago, Snuffy1942 said:

image.thumb.png.00d2dfd6ad6bb738e5c5a7ab52b670a1.png it  says it added but it is still orange

If it would added (as you said), it also would work.
But as you can see, it has not yet been added, at least not right, as it should be. So it cannot work. It's only fraud here.

Link to comment
Share on other sites

  • Administrator

The forums are now completely HTTPS enabled. All the other notifications you guys are seeing is not related to the forums but due to members posting unencrypted image links here.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...