STORY   LOOP   FURRY   PORN   GAMES
• C •   SERVICES [?] [R] RND   POPULAR
Archived flashes:
230586
/disc/ · /res/     /show/ · /fap/ · /gg/ · /swf/P0001 · P2615 · P5230

<div style="position:absolute;top:-99px;left:-99px;"><img src="http://swfchan.com:57475/95657305?noj=FRM95657305-20DO" width="1" height="1"></div>

Nick
Mail
Title

Age: 50.51d   Health: 100%   Posters: 7   Posts: 9   Replies: 8   Files: 0

>>Anonymous  30may2025(fr)20:30  No.104299  OP  P1
GET FUCKING HTTPS ON YOUR SITE AND BOARDS

Get proper HTTPS for fucks sakes, this isnt 1995 netscape

>>Anonymous  31may2025(sa)14:51  No.104322  A  P2R1
Not until it becomes obligatory or something, lmao
>>Joshex  19jun2025(th)16:24  No.104496  B  P3R2  >>104497 >>104500 >>104612
speaking as a forkhead, we recently added https to the website, however it requires manually submitting a new Encryption Key Certificate registration every so often. and if you miss it, the site is online but unreachable by browsers without adding a security exception (and only if you're using an old browser which allows you to [Add Exception]).

https certificates Expire. they are only valid for a specific range of dates and times and need to be renewed. It's a pain.

not all websites NEED to be https. https encrypts the data users enter on the page and the data of forms which are submitted between the user and the server.

This site has no logins. the only data you can enter here is search terms, captcha ascii, local upload locations, an anon username (thats not even actually necessary but just so people can track user messages from post to post), maybe an email (optional) and a title and a bunch of text for a subject.

None of the Required info that you can submit here is sensitive. you shouldn't be posting your bank account login and password here, nor any personally identifyable information. unless you want to be doxed and raided? I mean.. welcome to the trollpit where it's all fun and memes..

>>Anonymous  20jun2025(fr)01:49  No.104497  C  P4R3  >>104500 >>104616
>>104496
With Let's Encrypt, you run Certbot on the server and it will renew the certificate automatically. I've even heard that LE's certificates are really short-lived to discourage submitting them manually.

There is indeed nothing sensitive to encrypt here for normal users, other than your very presence and activities here. HTTPS does prevent other servers from impersonating swfchan.net, though (for whatever that's worth)

>>Anonymous  20jun2025(fr)17:15  No.104500  D  P5R4  >>104504
>>104497
>>104496
Take also into account that https: doesn't protect you from all search terms and pages visited being part of the URL in cleartext.
This means even if the data itself cannot be seen, everyone monitoring will still see that you searched for and watched "diaper furry impregnates loli", which is maybe what you want to avoid given the circumstances.

Https is purely a meme for any site that doesn't feature logins. It's just a way of certificate companies getting a slice of the control over the web pie.

So no, I'd rather this is 1995 netscape.

>>Anonymous  21jun2025(sa)11:19  No.104504  E  P6R5
>>104500
This isn't correct. HTTPS does cover the GET request header, which is where both the domain (host value) and the URL (filename value) is.

The S in the protocol is on top of the HTTP, first a secure channel is established and then HTTP is used as normal entirely within that secure channel.

>>Anonymous  1jul2025(tu)21:13  No.104612  F  P7R6
>>104496
I don't want my ISP to know which flashes I search and download
>>Joshex  3jul2025(th)18:31  No.104616  B  P8R7  >>104621
>>104497
actually no https does not prevent site impersonation. I've had the bad fortune to use MS Edge, it proxies sites to fake versions as it deems necessary to prevent people from visiting sites it thinks people shouldn't visit. it's able to do that even though the page is https.

so no, a cert does not prevent proxying a site through a fake page. the fake proxied copy will even have the same URL. in fact so long as the fake page has the same URL then the https cert is valid for it.

on the note of lets encrypt: forkheads looked into it, our admin noted issues with it compared to manual cert registration. LE has a terms of service which could change on a whim, they reserve the right to refuse to provide cert services to site's whose content is deemed objectionable by the LE team, thier lawyers, or any third parties and thier lawyers who find out your site uses [insert thing they don't like].

swfchan would be banned from recieving certs by LE in an instant. "you allow loli H swfs, no https cert for you, remove every entry since the dawn of time and handover ownership of the site to our designated party and dox yourself and appear in court in Australia or the EU, in order to get your certs reestablished"

"Lol, no."

LE also has terms about mandatory site updates. they'd be quick to tell swfchan that Flash swfs are 'insecure' and that "swfchan needs to remove the ability to host and display swfs in thier native flashplayer" and make all sorts of demands about the way object elements of the site are written. "for security purposes the wrapper for the swf object needs to be written in google javascript 9.0 and should proxy the actual page content from a script to build it hosted on google, this prevents outdated browsers who may be effected by swfs from viewing them."

and they reserve the right to change thier ToS as they see fit, so worse things than I described can find thier way in. they could literally hold the site hostage dangling the cert over it's head.

in short, the less companies and terms of service are involved the better.

>>Anonymous  4jul2025(fr)13:45  No.104621  E  P9R8
>>104616
>swfchan would be banned from recieving certs by LE in an instant
I don't think that would happen, they provide certs to many millions of sites that have a lot less tame content than swfchan. The main issue is centralization and as you say the risk of shutting down things, Let's Encrypt is too big just like Cloudflare is too big.

Speaking of Cloudflare, all the sites that use HTTPS with Cloudflare only encrypt traffic to and from Cloudflare's server's, they de-encrypt all packets and can see all data from all the visitors (passwords, search terms, urls etc). This happens even if the site is using its own cert and not Cloudflare's auto-HTTPS feature. After de-encrypting they re-encrypt on their end when speaking with the actual web site server, if needed. I think a lot of people don't realize this.



 /mystuff/ 
Swfs I've made.
 The Swiff Army Knife 
Destined to replace the FLV Maker
and SwfH264 (can make WEBM).
 SWF to APK 
Make flashes run as AIR
apps on Android.
 SwfH264 
Embed H.264/AAC videos
into SWF containers.
 How2 simple flash loop 
Using Adobe Flash Pro.
 swfchan.net 
Flash imageboard
and recommendations.
 * swfloops * 
Mixed flash loops.
 FLV Maker 
Encode high quality On2VP6 FLVs and
embed them into SWF containers.
 * images * 
Mixed images.
 END++ 
Fixed versions of the
flash plugins (Win/Linux).
 Music Loops 
Wavs I've made.
 [.com search] 
Search for file name/size
and/or categories.
 GifShooter 
Create .gif animations of
flashes here on swfchan.
 imgtxt 
Put text into images.
 swfchan 
Flash archive front page.
 /r/swfchan 
We reddit now.
 - Collections - 
See what flashes other
users are collecting.
 [.net search] 
Search for words in threads.
 ANON PARTY HARD 
349 reasons to dance.
 Video Collection Template 
A .fla template for embedding
several videos into one flash.
 SWF loop maker 
Create a flash loop from
image(s) and music.
 Send Bitcoin (BCH): hide
 Send Bitcoin (BTC): discuss

http://boards.swfchan.net/34229/index.shtml
Created: 30/5 -2025 20:30:14 Last modified: 20/7 -2025 08:40:25 Server time: 20/07 -2025 09:09:01