ATS change to https

Until recently ATS was running on http protocol, which is not encrypted and less save. I remember the concerns voiced back in the http days. Just today I noticed that all pages load on https now.

I guess that is good news, keep up the good work

a reply to: Terpene

Some insights into the change can be found in this thread.

a reply to: Hefficide

Oh good i must have missed that thread...

a reply to: Terpene

Nah, it's still http. Got a red padlock top left. Then click on more information.

Your connection to this site is not private

Website - www.abovetopsecret.com...

Connection Not Encrypted

Plus all the access to microphones, camera, ability to store data in persistent storage etc in the permissions tab (On a desktop browser, not a phone) says no as well.

a reply to: TheMadTitan

Type in the URL manually and add the S to HTTP. It's there.

a reply to: Hefficide
Aha! Thanks, I get it. I was clicking on my old bookmark, which still has the nonsecure version.

originally posted by: DISRAELI
a reply to: Hefficide
Aha! Thanks, I get it. I was clicking on my old bookmark, which still has the nonsecure version.

Also me. Cheers heff

Eventually when the kinks worked out and all the content is TLS-capable, you're going to want to add redirect rules in your web server config such that requests for http://abovetopsecret.com/some/page are automatically changed to https://abovetopsecret.com/some/page. Very easy to do with pattern-based URL rewriting in most modern servers like nginx. This way users won't need to manually type in the "https"; their requests will automatically be served securely even if they still have http bookmarks.

Really great stuff, and encouraging developments (presumably from new ownership)

a reply to: SleeperHasAwakened

Out of my depth here as I don't know much about HTML but in my subjective case it was a Firefox bookmark seeming to lock me into the non-secure variant.

Before altering the bookmark all of the above links ( video, top, new, live etc... ) were loading as HTTP.

After altering the bookmark to include "HTTPS" everything, meaning all links on the site, began defaulting to the secure variant.

Others may have a different experience.

originally posted by: Hefficide
a reply to: SleeperHasAwakened

Out of my depth here as I don't know much about HTML but in my subjective case it was a Firefox bookmark seeming to lock me into the non-secure variant.

Before altering the bookmark all of the above links ( video, top, new, live etc... ) were loading as HTTP.

After altering the bookmark to include "HTTPS" everything, meaning all links on the site, began defaulting to the secure variant.

Others may have a different experience.

100% right Hefficide. Changing one's local browser bookmarks from http to https will do just fine. For now that seems like a good quick way to go. There should be tweaks that can be made on the ATS web server that would still load the https URL even if old http bookmarks are used, which would be an automated solution on the server side that means less work for users.

Nevertheless, would be a good for users to start replacing their old http bookmarks with new https ones as they visit new pages.

a reply to: Hefficide

When did this happen??

Anyway. Cool beans!! (Do kids still say that??!)

Bookmarks updated!

a reply to: Terpene

Well, I guess they are setting it up for e-commerce. Wonder what will be for sale????

a reply to: dragonridr

Your soul obviously...

a reply to: SleeperHasAwakened

It's already been done.

originally posted by: Zaphod58
a reply to: SleeperHasAwakened

It's already been done.

Yes sir, can confirm. Typed in a few URLs with http:// and was redirected to the https:// version. Thanks again!

originally posted by: Hefficide
a reply to: SleeperHasAwakened

Out of my depth here as I don't know much about HTML but in my subjective case it was a Firefox bookmark seeming to lock me into the non-secure variant.

Before altering the bookmark all of the above links ( video, top, new, live etc... ) were loading as HTTP.

After altering the bookmark to include "HTTPS" everything, meaning all links on the site, began defaulting to the secure variant.

Others may have a different experience.

Heres something weird. I click on ANYTHING that moves me from the main page and it goes to insecure. SO apparently it is just the main page that is Https secure. I am running IRON browser btw.

originally posted by: yuppa

originally posted by: Hefficide
a reply to: SleeperHasAwakened

Out of my depth here as I don't know much about HTML but in my subjective case it was a Firefox bookmark seeming to lock me into the non-secure variant.

Before altering the bookmark all of the above links ( video, top, new, live etc... ) were loading as HTTP.

After altering the bookmark to include "HTTPS" everything, meaning all links on the site, began defaulting to the secure variant.

Others may have a different experience.

Heres something weird. I click on ANYTHING that moves me from the main page and it goes to insecure. SO apparently it is just the main page that is Https secure. I am running IRON browser btw.

You may be hitting cached pages that your browser is storing for you.

I /think/ most of the site links on ATS have been converted to https://

If you hover over the top site menu items you should see:

"Recent" ~> "https://www.abovetopsecret.com/forum/today.php"
"Forums" ~> "https://www.abovetopsecret.com/forum/index.php"
"myATS" ~> "https://www.abovetopsecret.com/forum/myats.php"

Please try clearing your browser page history/cache and see if that fixes it.

Oh and one other thing, if you see a lock icon in the address bar with an embedded exclamation mark, this means that SOME content on the page is insecure, mostly images (as some are pulled from a different URL not secured by the TLS certificate). So your text and personal info should still be encrypted in that case, i.e. https is protecting you.

I am a bit confused now.

I thought http or https makes no difference according to some members here. There was lot's of ridicule once.

Do I need to re-evaluate the honesty, integrity and knowledge of those that told us that we are all perfect fine even though there is no encryption on top of what we send through the internet?

As I understand, when I post something, the stuff needs to be shot across a wire and before HTTPS everything was readable in plain text? That means when I typed in my password, that's also sent over to ATS in plain text?

I know from reading around that it's common practice to encrypt the typed in password and have it compared to the encrypted version. Normally in a good website the password is never stored in plaintext but already encrypted in some way that can not be undone, before the new member is created.

My question then is, since I use gmail to log in, are all the non-gmail users from before that was done compromised with their password stored in plaintext?

a reply to: Terpene



a world of darkness was averted by ATS going 'SECURE' .... finally