PrivateSnafu | 13 Feb 2019 9:06 a.m. PST |
This is showing in the address bar on my Chrome browser this morning. Is this normal? I always thought TMP used HTTPS.
|
Tommy20 | 13 Feb 2019 9:42 a.m. PST |
|
Saber6 | 13 Feb 2019 9:53 a.m. PST |
|
Joes Shop | 13 Feb 2019 9:59 a.m. PST |
I started seeing this in Chrome for the last 2 weeks. |
PzGeneral | 13 Feb 2019 10:25 a.m. PST |
Firefox says Connection Not Secure….. |
Stryderg | 13 Feb 2019 10:27 a.m. PST |
Google is pushing to get everyone else to use HTTPS. One of the ways they are doing that is with sneaky messages stating things like "Not secure". I ask you, what have you posted here that needs to be encrypted so that no one else can read it? |
PrivateSnafu | 13 Feb 2019 10:52 a.m. PST |
@Stryderg Check yourself. I'm asking a question. Your question should be taken as rhetorical, but i'll answer: nothing. "Sneaky" not in the least, completely obvious and transparent. Things seemed to look different today. |
Stryderg | 13 Feb 2019 11:18 a.m. PST |
Yes, it was rhetorical. I apologize if I came across a bit snippy. Google gets my dander up because of their size, perceived power, and the fact that I'm paranoid. |
Editor in Chief Bill | 13 Feb 2019 11:35 a.m. PST |
Haven't seen a need to go https. |
Prince Alberts Revenge | 13 Feb 2019 12:33 p.m. PST |
If you are using chrome nothing is secure, http or https from our good friends at Google. |
14Bore | 13 Feb 2019 1:11 p.m. PST |
Oddly I use 3 different browsers on my tablet, for here I use the Dolphin browser. Do use Chrome for some sites but haven't seen that massage yet. |
Editor in Chief Bill | 13 Feb 2019 1:29 p.m. PST |
Just a note that when you make a payment, everything is handled on the PayPal platform, not on the TMP server. No payment information is stored on the TMP server. |
Walking Sailor | 13 Feb 2019 1:45 p.m. PST |
and the fact that I'm paranoid. "Even a paranoid has some real enemies." H. Kissinger google is not your friend. |
MajorB | 13 Feb 2019 2:34 p.m. PST |
If you are using chrome nothing is secure, http or https from our good friends at Google. Why? |
Winston Smith | 13 Feb 2019 2:44 p.m. PST |
Google is as secure as it wants to be. See how they are handling personal security in China. Saying something is "secure" is just a challenge to hackers. It's best to handle all transactions with gold coins, not paper. In person, or through a bonded messenger service that rides horses, because cars can be hacked. And I'm not too sure about the horses. |
Stryderg | 13 Feb 2019 2:47 p.m. PST |
Because part of the end user agreement that you didn't read says that anything you put on Google's platform (that's your search queries, email, videos, google docs, etc. etc. etc) is available to Google so they can aggregate that data and resell it. How do you think they target ads to people? Cute experiment people have tried, ask Google's Assistant for something you'll never buy and see how many emails and notifications you start getting selling that. Just because I'm paranoid does not mean that they are not out to get me. |
Winston Smith | 13 Feb 2019 4:16 p.m. PST |
I googled "Persian Rugs" just to print some patterns out to put in the interior of some 28mm houses. For the next week I got about 4 ads for Persian carpets per day. They've tailed off. That's just one example. |
Prince Alberts Revenge | 13 Feb 2019 9:58 p.m. PST |
MajorB: check out the documentary "The Creepy Line" regarding how Facebook and Google handle your data. Interesting to see why they developed Chrome in the first place. Stryderg nailed it on the head, when someone signs up for any of Google's apps they are allowing them to access all of the associated data that goes along with it. Google sells products for cheap or free because you are the real product they sell. |
Memento Mori | 13 Feb 2019 11:48 p.m. PST |
It is not just Google and c Chrome I use Firefox browser on Windows X Yahoo is my home page I also use a VPN proxy and Mcafee antivirus. Firefox indicates that TMP is not secure and is not erncrypted |
Mr Elmo | 14 Feb 2019 3:09 a.m. PST |
HTTPS Everywhere is a growing movement TMP should adopt. link |
Fried Flintstone | 15 Feb 2019 2:15 p.m. PST |
HTTPS protects a website's users. That's why it matters. link |
etotheipi | 15 Feb 2019 4:39 p.m. PST |
HTTPS protects a website's users Users protect themselves. Or they don't. |
PrivateSnafu | 17 Feb 2019 9:13 p.m. PST |
There is nothing that could be said to change Bills mind, it's how he is. |
etotheipi | 19 Feb 2019 6:31 a.m. PST |
There is nothing that could be said to change Bills mind, it's how he is. Well, nothing is being said, so … |
PrivateSnafu | 20 Feb 2019 10:47 a.m. PST |
Some of the comments have indicated the value of https. Passwords and personal email addresses are something that is entered on this website that is unencrypted. We may be reading different threads. |
etotheipi | 21 Feb 2019 6:50 a.m. PST |
Some of the comments have indicated the value of https. No they haven't. The comments linked to articles that discuss https, however none of those articles put any of that information in the context of TMP. If I were, hypothetically, an offensive cyber operator I would revel in glee at the commonality of the misconception that technology is the basis of security on the Internet. Passwords and personal email addresses are something that is entered on this website that is unencrypted. This is the first comment in this thread that offers any argument. The use of "passwords" is that statement deceptive. The only password you are required to send over the https connection is the password to your TMP account. An account that is not linked to any PII or financial information. So, yes, in theory a miscreant could be lurking and intercepting logins to TMP and storing them for later use to login as various members and post things in their account's name. If you're putting your financial account numbers and their associated passwords ( or other sensitive material ) in your posts, well, that's your dysfunction and has nothing to do with the technology. Https doesn't really add anything to that case, either. If you're putting that in your posts, gleaning that info from the page is easier and more efficient that intercepting it in the initial transfer of your post. If you use the same password and id on this site as other sites, again, your dysfunction. Nobody who advocates for using https ( which I do in many cases ) would say its OK to do that because you are using an https connection. Email addresses are less interesting. As opposed to passwords, which you have to transmit every time you log in ( assuming you don't leave a cookie credential that lets you not log in ) , you only enter your email address once when you sign up and any other time you change it for your TMP account. Also, while people are afraid of others harvesting their email address for nefarious purposes, you have to associate that email address with a real world activity like interest in Persian rugs or travel to Bodnage. I'm not so sure there is a heavy demand black market for contact info on people who wargame. And if you are putting your email address in a post, again, https does nothing to protect it since it is out there in the open for anyone or anything who browses by to see. |
PrivateSnafu | 21 Feb 2019 9:07 p.m. PST |
I should have said people indicated they thought there was value in https, regardless of whether they understood it or not. True, no one made a case for it. |
Legion 4 | 22 Feb 2019 7:49 a.m. PST |
The net being secure … ? You must be kidding !!!! |
etotheipi | 23 Feb 2019 5:25 a.m. PST |
The net being secure … ? You must be kidding !!!! huh? Not kidding, but that's not what I said. ; ) The 'Net, or any other piece of technology, is neither secure or not secure. That's because security ( cybersecurity, operational security, information security, etc. ) is an operational property of the assets and the various types of ( intended and unintended ) access to them in the context of threat, not a property of the processes and tools we ( including the threat ) use to access them. Saying a site with https is secure is neither right nor wrong, but rather misguided in its attempt to link security directly to technology. So, am I secure on TMP? Sure. Do I risk that, right now as I type, someone else might be posting under my account on boards that I never visit? Yes. Do I care enough to expend any effort to mitigate that risk? No. Of course, if someone were really really really really really really really really really really really really really really really concerned that a miscreant was going to spend hours and hours of work to changed their TMP default currency to the Kuwaiti Dinar, then they should invest some effort into avoiding that. |
Legion 4 | 27 Feb 2019 7:27 a.m. PST |
Again, I'm still waiting for my money from that Prince in Nigeria … |