T34229 /disc/ GET FUCKING HTTPS ON YOUR SITE AND B...

/disc/

Thread 34229

Age: 25.99d Health: 100% Posters: 6 Posts: 6 Replies: 5 Files: 0

Anonymous 30may2025(fr)20:30 No.104299 OP P1

GET FUCKING HTTPS ON YOUR SITE AND BOARDS

Get proper HTTPS for fucks sakes, this isnt 1995 netscape

Anonymous 31may2025(sa)14:51 No.104322 A ~~P2R1~~

Not until it becomes obligatory or something, lmao

Joshex 19jun2025(th)16:24 No.104496 B ~~P3R2 >>104497 >>104500~~

speaking as a forkhead, we recently added https to the website, however it requires manually submitting a new Encryption Key Certificate registration every so often. and if you miss it, the site is online but unreachable by browsers without adding a security exception (and only if you're using an old browser which allows you to [Add Exception]).

https certificates Expire. they are only valid for a specific range of dates and times and need to be renewed. It's a pain.

not all websites NEED to be https. https encrypts the data users enter on the page and the data of forms which are submitted between the user and the server.

This site has no logins. the only data you can enter here is search terms, captcha ascii, local upload locations, an anon username (thats not even actually necessary but just so people can track user messages from post to post), maybe an email (optional) and a title and a bunch of text for a subject.

None of the Required info that you can submit here is sensitive. you shouldn't be posting your bank account login and password here, nor any personally identifyable information. unless you want to be doxed and raided? I mean.. welcome to the trollpit where it's all fun and memes..

Anonymous 20jun2025(fr)01:49 No.104497 C ~~P4R3 >>104500~~

>>104496
With Let's Encrypt, you run Certbot on the server and it will renew the certificate automatically. I've even heard that LE's certificates are really short-lived to discourage submitting them manually.

There is indeed nothing sensitive to encrypt here for normal users, other than your very presence and activities here. HTTPS does prevent other servers from impersonating swfchan.net, though (for whatever that's worth)

Anonymous 20jun2025(fr)17:15 No.104500 D ~~P5R4 >>104504~~

>>104497
>>104496
Take also into account that https: doesn't protect you from all search terms and pages visited being part of the URL in cleartext.
This means even if the data itself cannot be seen, everyone monitoring will still see that you searched for and watched "diaper furry impregnates loli", which is maybe what you want to avoid given the circumstances.

Https is purely a meme for any site that doesn't feature logins. It's just a way of certificate companies getting a slice of the control over the web pie.

So no, I'd rather this is 1995 netscape.

Anonymous 21jun2025(sa)11:19 No.104504 E ~~P6R5~~

>>104500
This isn't correct. HTTPS does cover the GET request header, which is where both the domain (host value) and the URL (filename value) is.

The S in the protocol is on top of the HTTP, first a secure channel is established and then HTTP is used as normal entirely within that secure channel.