Guest Michelle Posted February 4, 2021 Report Posted February 4, 2021 I wanted to registered to AFF, but my Google Chrome says that this site is not secure. After doing some research I came across this: https://www.digicert.com/dc/blog/not-secure-warning-what-to-do/ It also says, “Website owners have a responsibility to secure their site, and although site visitors cannot change a “not secure” warning, they can request that site owners implement security mesures.” And it says that passwords or similar sensitive informations can be stolen, modified, used by hackers, attackers, entities with access to Internet infrastructure (like Internet Serive Providers and governments). So I have to ask you to implement security mesures, because your site is not secure and that’s not safe. I wanted to register, but I don’t think I will if the site owners don’t implement security mesures. No one should have to be worried about their passwords and similar infos being stolen, modified, used, by hackers who can cause you troubles, impersonate you, mess shit up on the site, etc. Sites where one can post, discuss and share M-rated and E-rated fanfictions or fanworks are rather rate as some people just don’t seem to give a damn about freedom of expression and freedom of speech for writers and readers anymore (the only one I know of that respect freedom of expression and freedom of speech is AO3, but I’m looking for an actual discussion board outside of AO3). I wanted to register to AFF, I don’t know that many other sites like this. Please fix this security issue on your site, it just isn’t safe. Michelle. Quote
BronxWench Posted February 4, 2021 Report Posted February 4, 2021 I’m going to quote our Tech Administrator @DemonGoddess on the subject of the site’s SSL, back in April 2018: “We actually have a certificate, which I can get to work for about ten minutes, and then it doesn’t again. I have Nexcess looking at that for me, again. We don’t actually process any financial stuff through the site, so unless you’re putting your private information out there for all to see, you’re safe. Personal information asked for at registration, for example, is HIDDEN and only seen by mods and admins, and not searchable. We set it up that way, so that it isn’t. What gets around that, just like anywhere else, is where people will put personal information in the public profiles.” I’ve been a staff member for over ten years, and I’m very security conscious when it comes to being online. I can tell you that I have been getting the same “Not secure” label from Chrome, and while many other sites have sent Malwarebytes Premium into absolute tizzies, I have never once gotten a malware warning for AFF. JayDee 1 Quote
Thundercloud Posted February 4, 2021 Report Posted February 4, 2021 I am just a user here, but my professional opinion is that if you are paying customer, you have good reasons to demand the site to be really secure before you enter sensitive information. For services that is offered for free on the Internet, you should not enter sensitive information at all. This lowers the impact of AFF not being secure since the consequences of failure is less. With this said is is also my recommendation that the AFF staff plan make a plan for eventually making AFF more secure since there is constant arms race between the browser developers and the bad guys. Things that work today in the browser can be turned off permanently if the security professional determine that it used by too much malware. For instance, you can look at the list https://www.chromestatus.com/features#security where they are considering 57 security issues for Chrome, many of those will break older sites that not keeping up with security development. No reason for any of the current proposals to break AFF, but new additions happen on the list constantly. It is a bit like owning a car...most of the time it just works, but eventually you need to do emergency repair if you avoid doing regular maintenance. BronxWench, WillowDarkling and JayDee 3 Quote
BronxWench Posted February 4, 2021 Report Posted February 4, 2021 Exactly, @Thundercloud. We always try to remind members not to post email addresses or other personal information publicly, either on archive bios or here on the forum. Additionally, it’s just good sense to either use a password manager, or to change your passwords regularly. I also take the precaution of paying for better antivirus and malware protection, rather than rely on what comes with the computer, especially after Microsoft’s recent data breach. Ultimately, I see it as my responsibility to safeguard my computer and my data, because the big players, Google/Chrome included, don’t really care about me. Hopefully, DG will have time soon to look into the matter, if her RL work schedule ever lightens up. WillowDarkling 1 Quote
Guest IT-sec Posted December 11, 2021 Report Posted December 11, 2021 Any update on getting the certificate up and running? I’m really not a fan of logging into sites without encryption, or frequenting them at all for that matter. Quote
Recommended Posts