Site has no SSL

[shibarib]

Hey there! Haven't played in a while and just came back.

The site currently has no SSL, meaning all traffic (including logins and passwords) are unencrypted. Setting up one through Lets Encrypt is pretty straightforward and free, so if this could be done that'd be great!

[vatas]

I'm not expert but supposedly it has some sort of SSL, just not the standard that basically every other website uses because you have to pay some organisation for it and Loftar considers that a racket.

How do you enable this SSL? I don't know, someone who knows should post step-by-step guide on how to enable it.

[MagicManICT]

There is an SSL. You will need to manually accept the certificate offered when attempting to connect via HTTPS, and possibly manually install it. Firefox likes to give headaches over this. I'm unsure of how other browsers handle this currently.

Loftar considers that a racket.

It's not so much a racket, but in the off chance that the system does get hacked, the entire security of the Internet would be compromised and the whole system collapses like the house of cards it is. The only upside is that there are so many layers to hack from the last I read anything on it, it's not likely to happen. Very remotely possible, but not likely.

[Granger]

Paid for SSL certificates are a racket, when viewed in conjunction .
Can be avoided these days by using letsencrypt which is easy to set up.

Would be better though in case the certificates could be queried through DANE (through DNS, secured by DNSSEC to make sure you get the right one for the site you want to connect to), but that hasn't gotten any traction so far (as of no built-in support in the browsers it's not ready for joe verage, hence it's not used).

[vatas]

I'm currently using Pale Moon and Chrome, neither of them has, at least easy/clear, way of enabling custom certificates.

[MagicManICT]

I'm currently using Pale Moon and Chrome, neither of them has, at least easy/clear, way of enabling custom certificates.

Browsers have really had this stripped out the last few years because a lot of phishing sites have abused it (mostly they just depend on people clicking on non-SSL links). When you do enable allowing this, it is then up to the user to make sure they're following "safe surfing" standards like making sure you're going to the website you intend to go to. Phishing scams work because people blindly click through to sites without thinking.

One might equate it to the "Are you sure?" delete confirmation boxes. it became so ubiquitous that the need for undeletion software has actually increased. People don't think of "what's the importance of this" and just click yes. People get so used to hand holding in their browsing habits they never learn to police their own actions. Comparatively, the need to just block users from "unsafe corners" of the Internet has simply risen over the years to the point that Internet companies act as net nannies for us all.

[Granger]

I'm currently using Pale Moon and Chrome, neither of them has, at least easy/clear, way of enabling custom certificates.

One might equate it to the "Are you sure?" delete confirmation boxes. it became so ubiquitous that the need for undeletion software has actually increased. People don't think of "what's the importance of this" and just click yes. People get so used to hand holding in their browsing habits they never learn to police their own actions. Comparatively, the need to just block users from "unsafe corners" of the Internet has simply risen over the years to the point that Internet companies act as net nannies for us all.

No.

The problem is in the hand holding instead of letting Darwin do his job.
The longer we let this continue the more likely we'll all end up in padded cells we'll be forced into to protect us.