FireFox Says ATS Connection not Encrypted and not Secured.

a reply to: Raxoxane

I really don't care much about "the guvernment" knowing who I am, even though it is strange to not have encryption because let's be clear. When you are trying to login into a website you are sending your information which would include your isp. So it is possible without an encryption for any hacker to actually get not only your password and username but your isp as well. This is turn makes it easier for hackers to hack your own pc.

Not to mention the fact that without an encryption for login and for the site you are not really anonymous to anyone who wants to find out who you are.

If ATS does uses SSL, then wouldn't chrome and firefox see that the connection is secure?

a reply to: Springer

So what browser are you using? and does ATS use SSL? If ATS does uses SSL, shouldn't sites like ATS complaint to Firefox and Chrome? Because if sites like ATS do use SLL and Chrome and Firefox do not recognize the safe login they are giving a bad image to websites like ATS. Heck, Chrome and Firefox could be liable if their programs don't recognize SLL as safe encryption.

originally posted by: 3ncrypt0Rdie
a reply to: yuppa

Seems to me that you may need another dubbie; im likely the guy running your operation, lol just kidding.

I am an American who is trying to make a difference no money involved in any of my post. so far a waste of time actually.

do you have something interesting to add to this conversation?

You missed the part about fixing your firefox. Look you are barking up the wrong tree telling ATS what they need to do to make things more convenient for you to use Firefox.

And Oh noes!! im a american too!! what a coincidence! And really You are on a internet forum. we have nothing but time to waste here.

a reply to: yuppa

It's not Firefox. Not exactly.
Firefox did change how they identify insecure sites, but Firefox is not wonky. It is doing that intentionally.

Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation

The latest iteration of the browser expands in-context user warnings for non-secure HTTP pages with logins. Users will now be confronted with a “This connection is not secure. Logins entered here could be compromised.” message when they try to enter a username and password field on a non-HTTPS page.

Chrome also changed.

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

Chrome users who navigate to some HTTP sites will be notified, starting in January, they’re on a site that isn’t secure.

Google said today the browser will begin explicitly labeling HTTP connections that feature either a password or credit card form as non-secure. The company said the plan is its first step toward marking all HTTP sites as non-secure, though it didn’t provide a timetable for the undertaking.

As crime spreads on the Internet, companies continue the battle to attempt to make things safer.
Most sites are increasing security.

An SSL certificate is really not expensive.
For $200 or less per year, you can get a decent certificate.

originally posted by: jedi_hamster

originally posted by: Springer
a reply to: ElectricUniverse

It's FireFox...

and that means what exactly?

just state the obvious, because some people seem to fail to realize it.

ATS doesn't use any sort of connection encryption and as far as i know, never did. so it's not something new, it never was secure to begin with.

bottom line is, yes, someone can sniff on your connection to ATS and hijack it, at least in theory. random person with no knowledge won't do it, but it's technically possible.

seriously, with let's encrypt certificates being free and comments like that, it feels like you're avoiding ssl on purpose.

I think he already said that the ergonomics involved would be time consuming and costly. He also had said back when the original thread was created, that he may consider it for members. Honestly, in this case the risk vs reward may be a wash. IMHO.

a reply to: charlyv

SSL is not difficult to implement. Not at all.
For less than $200 per year, a few minutes to add the certificate to the server, a couple of lines added to .htaccess files, and a site can be safe.

ETA: well,,, safeR. Nothing is ever totally safe.

ETA: I see one more thing - the URLs in your page content would need to be changed to https. But since that seems to be scripted, it should not be hard to change.

a reply to: BlueAjah

Well Both of them are connected in a few ways so the security certificate change was going to happen with both if one did it anyway.

If I use Firefox, I see that on many websites..but not with Chrome

originally posted by: vlawde
If I use Firefox, I see that on many websites..but not with Chrome

Any website that would use http would be flagged. Project says ATS uses basic form encryption, but Firefox says there is no encryption. If Firefox, and Chrome are lying, and ATS does uses basic form encryption, it could mean that because of a false statement made by Chrome and Firefox, ATS and other similar websites could be losing revenue, as there will be people who would decide not to use the website based off the information these browsers are giving. ATS could file a lawsuit if Chrome and Firefox are making false statements about the security of a website that makes money from ads.

Without encryption your ip address, password and username could be hacked.

originally posted by: BlueAjah
a reply to: charlyv

SSL is not difficult to implement. Not at all.
For less than $200 per year, a few minutes to add the certificate to the server, a couple of lines added to .htaccess files, and a site can be safe.

ETA: well,,, safeR. Nothing is ever totally safe.

ETA: I see one more thing - the URLs in your page content would need to be changed to https. But since that seems to be scripted, it should not be hard to change.

Um...there's a little more than simply that to adding SSL/HTTPS/TLS to any website at all. It's not precisely a 5 minute job.

There are many considerations to take into account.

Porting from 80 to 443

Mix content considerations HTTP vs HTTPS content

Whether or not there is a complex Proxy cache, encrypted content wont be able to be cached...requiring an ancillary server to handle before/after content

Being in-house proprietary software, all coding will have to be changed to reflect adding SSL/HTTPS/TLS

Mobile encryption concerns


While I'm a fan of secure sockets and encryption in general, you cant make the claim it's a one and done procedure.

I just wish we could get a IFF on Rubicon.

Buck

originally posted by: jedi_hamster

originally posted by: ANNED
I had the problem on ATS and three other sites.

I rolled back my computer three days and the problem went away.

It was the firefox update that cause this problem.

It did not happen on internet explorer , duckduckgo. yahoo, bing,

This left firefox update as the problem so i did the roll back.

it's like sticking your head in the sand in case of danger.

the warning is there for a reason. throwing away reasonable warning and future security patches, because you can't be bothered to be reminded that ATS isn't using a secure connection? that's silly.

it's not firefox to blame. it's ATS.

In my case i trust my security programs more then firefox.

firefox is not a security company and anyone that believes they are disillusioned and is taking a big risk.

Just curious, but does anyone here believe that they in fact posting anonymously ?

Every byte that is sent is traceable is it not ?

a reply to: alphabetaone

Thanks, but I did mention that they would have to update the content.
But it looks like the content is scripted, so it is not like they would have to update thousands of pages - they would need to update the scripts that generate the pages.

I have changed over web sites to SSL. It does depend on specifics of the web site, but it usually is not a huge deal.

ATS is by no means secure...

The lack of encryption is small in comparison to the major security flaws they have elsewhere.

originally posted by: anonfamily
ATS is by no means secure...

The lack of encryption is small in comparison to the major security flaws they have elsewhere.

Great point, this allows for ATS to be a Honey Pot of IP's connected to belief systems and viewing habits of many citizens world wide.

a reply to: 3ncrypt0Rdie

I was actually talking about fundamental design flaws in this message board, and two huge vulnerabilities that exist till this day.

a reply to: anonfamily

bump