Wondering, why no HTTPS on abovetopsecret.com

In case AnonyMason shows here, you don't seem to even understand what https does.

Because they have things like your IP address, your username, the password you use for this site, and potentially other personally identifiable information you store in your browser.

Without SSL/TLS and HTTPS that data is sent in clear form and will be sent to anyone ATS decides they want to share it with.

They can do that with or without. Once the data gets to the web server, it is decrypted for this site to see.

Very disappointing that security best practices for the users of this site are still taking a back seat to the bottom line. Not cool, Bill. The average user of ATS doesn't understand how valuable the data is that you guys are using to generate ads and make money from. The least you guys could do is get some CA's and set up HTTPS.

If your CDN is that much of a pain in the ass maybe it's time to switch from Secured Servers LLC to something a little more user friendly like CloudFlare or StackPath?

If you want some pro-bono consulting, feel free to ask. If I sound a little irritated it's because we're almost in 2020 and you guys are still sending cleartext user data all over the effing internet. Always happy to help my little corners of the internet operate in a more secure fashion.

originally posted by: roadgravel
In case AnonyMason shows here, you don't seem to even understand what https does.

LMFAO.

a reply to: roadgravel

Not sure why this is something you want to debate so hotly.

HTTPS is literally the bare minimum a site can do to provide a safer environment for the users. Suggesting otherwise is pure ignorance.

a reply to: AnonyMason

I am just pointing out you don't seem to understand what it is and what it does.

a reply to: roadgravel
(For Authentication Only)

Ed - nevermind

a reply to: AnonyMason

can someone tell me why my computer says ATS is "not secure"

i have a question :

what is the absolute worst that can happen ?

^ the context of this is " because ATS.com = " not secure "" then xxxxxxxxxxxx could happen to me "

so what is the worst itteration of XXXXXXXXXXX ???????????

my opinion is :

" they " could spoof my account and post " as me "

to which my response is meh - it would be amusing to see how many people fail to realise that its a hacker not the real me

this user name - is really only active on ATS nowadays - it still has accounts at various places - but nothing of consequence - i is on metabunk , bad astronomy and a few other holdovers - but most things i used this sign up for a long dead

no one can use the account to upload anything to my devices remotely

so stop being paranoid - this is only a forum .

a reply to: research100

Sure can. Mozilla, Microsoft, and Google have adopted the stance that all websites should be using HTTPS. If you're using Chrome or Firefox there will be an info icon to the left of the URL field on your browser. It will say insecure if the site is transmitting data using standard HTTP.

Encrypt the Web

a reply to: ignorant_ape

Again, that's fine for you. Your data, your choices. If you have no problem transmitting clear data to all the ad services that are being utilized on this site, that's your prerogative.

As to your bull crap "what's the worst that can happen?" scenario open your mind to a few simple realities. 90% of the internet uses one password for nearly every account they create. ATS requires an email address to register, and a great deal of people will use their primary email address for that, as well. Say, ATS leaks clear text data and user passwords are compromised by a third party, now your email address is also compromised. What's linked to email addresses? Financial data, billing cycles for your other online memberships, netflix, hulu, all your Amazon Prime transactions, UPS, Fedex (meaning your home address).

So lets not pretend like this is over reacting. This kind of stuff happens literally everyday. And it mostly happens because of people's attitudes that mirror your own.

Furthermore, it's taken me less than five minutes to discover how ATS handles the user login cookies. Authenticated users have two session cookies created when they log in. Both are transmitted in the clear and only one is hashed with what appears to be MD5. xmbuser=AnonyMason and xmbpw=faab1e6d710ac1c3318aacbf16b9823d. Best practices for how a domain handles it's cookies suggests that no critical information should be stored in cookies. Passwords are critical information. Brute forcing md5 hashes isn't that hard these days.

But it's cool. I'm sure all of the users on ATS are familiar with all of this. I'm sure they all know the best ways to protect themselves. Just keep listening to roadgravel. Encryption is no big deal.

Because they have things like your IP address, your username, the password you use for this site, and potentially other personally identifiable information you store in your browser.

Without SSL/TLS and HTTPS that data is sent in clear form and will be sent to anyone ATS decides they want to share it with.

IP address encrypted during send using https? Really?

It is going to prevent ATS from giving it to other companies? So you think it is encrypted forever?

I don't care how ATS does this. But many people come here crying about not using https and don't even know what they are talking about.

Encrypted IP, haha.

a reply to: roadgravel

I didn't come close to saying that HTTPS will encrypt your IP address. Now your just twisting my words up to suit your trollery.

The ATS privacy policy clearly states that your IP address is stored and shared with third parties. I was pointing that out for the users who aren't familiar with what kind of data is stored by this website and other in general.

a reply to: AnonyMason

Read the words you posted.

You said this list of data items and then "that data is sent in clear form" but you want it encrypted.

Seems you are the one who came here to troll the subject.

Anyway, HTTPS does not prevent ATS from sharing your data.