Announcement

Collapse
No announcement yet.

Net neutrality / HTTPS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Net neutrality / HTTPS

    Hello everybody, you may not be aware of the changes occurring in the USA regarding ISP network usage collection and I'm here to help bring you up to date. The short story is that previously your ISP wasn't allowed to collect, store, sell or divulge your internet usage habits without a warrant. This is changing and the invasion of privacy here at ULMF can be mitigated with an HTTPS upgrade.

    Currently ULMF runs on HTTP only. That means a couple of critical personally identifying information points are exposed to your ISP or people on various home and public network configurations.

    Key vulnerable points ULMF currently:
    1) Your username, account login password, login session etc are all flapping in the breeze.
    2) Any activity you do is plaintext and easily stored at your ISP: post text/edit etc.
    3) Any threads you browse regularly is easily indexed by your ISP: dat boi loves the MilkyQuest thread.

    What does an HTTPS upgrade do for ULMF (basically)? It hides all unique information in the points listed above. The only things your ISP or a man in the middle attacker will see is that your IP is communicating with ULMF but not what specifically it is doing on ULMF.

    There are plenty of free HTTPS certificate providers that are easy to configure such as CloudFlare.

    EFF Provided diagrams:
    HTTP (current ULMF)
    HTTPS

    #2
    Re: Net neutrality / HTTPS

    Hm thanks, been wondering what the difference between http and https was.

    But as for the upgrade, in terms of who would be able to do that it sounds pretty similar to a server move, and the owner of the site isn't on much anymore. I'm not sure the admins or super admin would be able to do that on their own :/
    Makes Dark Souls look like a casual 'E for Everyone' Care Bear Island Adventure game. -HarmlessBreeze about Long live the Queen
    Life is more fun when you are insane. Just let go occasionally. -yakcamkir
    Spoiler

    Comment


      #3
      Re: Net neutrality / HTTPS

      Originally posted by Byzantine2014 View Post
      Hm thanks, been wondering what the difference between http and https was.

      But as for the upgrade, in terms of who would be able to do that it sounds pretty similar to a server move, and the owner of the site isn't on much anymore. I'm not sure the admins or super admin would be able to do that on their own :/
      It is fairly easy actually. Either use the webhost's SSL services or go with something like cloudflare which is 1) sign up for CDN service (like cloudflare) 2) configure DNS to go to the CDN 3) point the CDN at ULMF 4) use cloudflare 1 click SSL feature.

      Comment


        #4
        Re: Net neutrality / HTTPS

        Spoiler

        Also the certificates aren't that cheap last time i heard about it and the cheap ones don't follow the best practices.
        We had cloudflare before and from what i remember it wasn't stable.

        Comment


          #5
          Re: Net neutrality / HTTPS

          Originally posted by Anomaly View Post
          It is fairly easy actually. Either use the webhost's SSL services or go with something like cloudflare which is 1) sign up for CDN service (like cloudflare) 2) configure DNS to go to the CDN 3) point the CDN at ULMF 4) use cloudflare 1 click SSL feature.
          Configuring DNS is something vanilla admins DEFINITELY can't do, even if they had root access to the server.

          And anyway, the EASIEST way would be through Let's Encrypt.
          "RPG's aren't about problems, they're about having fun and watching your grimdark world devolve into Monty Python quotes."

          Just a little teaser: http://pastebin.com/vGndFrvY

          For truly it is written, RTFM.

          Comment


            #6
            Re: Net neutrality / HTTPS

            Or you could just jump on someone else' connection, if you're the type that REALLY doesn't want someone knowing what they're up to.

            Any internet cafe will do... just be sure to pay in cash and wear a hat for the security cams

            If you're in a rural area, there's always some schmuck with an unsecure connection.

            Comment


              #7
              Re: Net neutrality / HTTPS

              Originally posted by super_slicer View Post
              Or you could just jump on someone else' connection, if you're the type that REALLY doesn't want someone knowing what they're up to.

              Any internet cafe will do... just be sure to pay in cash and wear a hat for the security cams

              If you're in a rural area, there's always some schmuck with an unsecure connection.
              Those are relatively impractical approaches to privacy for a majority of users though. The point of introducing HTTPS is because it is a much more mature solution at this point in time and there are now very free and easy ways to set it up. It helps the layman who doesn't know why things like these are useful. It isn't about using a VPN, helping yourself or behaving like a criminal for legal behavior. It is more about helping the people who use the same password to log into every site to not get sniffed, doing due diligence for privacy on an adult content site and putting a damper on gross power creep of ISPs.

              Comment


                #8
                Re: Net neutrality / HTTPS

                Originally posted by Anomaly View Post
                much more mature solution
                I take offense to this.

                Suggesting complete anonymity is some childish trick.

                Comment


                  #9
                  Re: Net neutrality / HTTPS

                  Originally posted by super_slicer View Post
                  I take offense to this.

                  Suggesting complete anonymity is some childish trick.
                  You shouldn't. Mature solution means the technology has gone through more development and is less likely to fail. It has nothing to do with human age.

                  Comment


                    #10
                    Re: Net neutrality / HTTPS

                    Originally posted by noman View Post
                    You shouldn't. Mature solution means the technology has gone through more development and is less likely to fail. It has nothing to do with human age.
                    I think you're missing the point, and intentionally. Needing anonymity in an age where net security and privacy should be a given is childish at best, suspicious behavior at worst. If you're not guilty of questionable behavior, then you don't need to worry about staying hidden on the internet. People who want to remain anonymous indefinitely either lack the moral behavior to keep them out of prison without threat of repercussions, or have failed to mature to a point post-2003 when the rest of us have grown out of the 1337 HAXXOR stage of our immature years.

                    And before you start with "b-but muh freedom!" bullshit, be aware that I've already pointed out the flaw with that argument. A security agency could literally give two fucks about someone browsing ulmf as long as they aren't shipping child porn or other contraband to others. Even then, I doubt they're going to make an issue of it until there is enough reason to be concerned, a la you're now making home movies or giving opposing gangs/armies nukes to blow each other up with. Your ISP can log your info and sites you visit (and does, same with your cellular company, your bank, etc with their respective areas of expertise) and you could go to the end of your days none the wiser. It is literally the shittiest, most contemptible behavior to complain about your activity being monitored because you want to be 13 again.
                    List of things that will never happen:

                    ->Half Life 3
                    ->Project X: Love Potion Disaster completed
                    ->Dargoth MGQ:Paradox complete translation patch
                    ->Panty and Stocking Season 2
                    ->Reboot having a satisfying conclusion
                    ->Ecstasy MGQ NG+ mod being finished

                    Stuff I'm supporting:

                    http://www.ulmf.org/bbs/showthread.php?t=30109

                    Comment


                      #11
                      Re: Net neutrality / HTTPS

                      Originally posted by Ninja_Named_Bob View Post
                      an age where net security and privacy should be a given
                      You're joking, right? Net security is a complete joke, just look at all the high-profile attacks where personal data and passwords were stolen, and then recall that these are just services with 100 000 000+ users and think about how many other attacks happened that didn't make the news. And privacy? There's no such thing as privacy unless you take serious steps to maintain it. Facebook, Google, et al do their best to know everything there is to know about you regardless of whether you'd like them to know it or not.
                      "RPG's aren't about problems, they're about having fun and watching your grimdark world devolve into Monty Python quotes."

                      Just a little teaser: http://pastebin.com/vGndFrvY

                      For truly it is written, RTFM.

                      Comment


                        #12
                        Re: Net neutrality / HTTPS

                        Originally posted by Hentaispider View Post
                        You're joking, right? Net security is a complete joke, just look at all the high-profile attacks where personal data and passwords were stolen, and then recall that these are just services with 100 000 000+ users and think about how many other attacks happened that didn't make the news. And privacy? There's no such thing as privacy unless you take serious steps to maintain it. Facebook, Google, et al do their best to know everything there is to know about you regardless of whether you'd like them to know it or not.
                        Hence the "should". There is no replacement for common sense and protecting yourself, but that's a separate concern from whether Telus knows that I like hypno/mind control content and large tits. As for facebook and google getting to know every little thing about you(including that pimple on your left ass cheek), refer to the above. The only way they can bog you down with relentless ads and annoying spam is if you make that info known 24/7. My facebook profile is basically empty minus a few photos from years ago and my super sentai profile picture. When I'm done with my fap session, I delete my browser history. It's not a surefire means to avoid that information being picked up (it likely will), but I would love to see google and facebook try to sell me Stuffie's tail or a tap-dancing spider.

                        I would probably buy both, too.
                        List of things that will never happen:

                        ->Half Life 3
                        ->Project X: Love Potion Disaster completed
                        ->Dargoth MGQ:Paradox complete translation patch
                        ->Panty and Stocking Season 2
                        ->Reboot having a satisfying conclusion
                        ->Ecstasy MGQ NG+ mod being finished

                        Stuff I'm supporting:

                        http://www.ulmf.org/bbs/showthread.php?t=30109

                        Comment


                          #13
                          Re: Net neutrality / HTTPS

                          Originally posted by Ninja_Named_Bob View Post
                          Uninformed millennial drivel
                          When speaking about the internet anonymity is all but synonymous with privacy.

                          Privacy is a basic human right, whether governments will add it to their charters or not. What I use my computer for should not be easily obtainable information, just as what I do in the privacy of my home shouldn't be (where I'd be using my computer if it didn't somehow magically break the privacy that I'm LEGALLY entitled to in my own home), just as what random thoughts I have floating around.

                          Your argument against this is what? "Oh it's already being breached so that's no big deal" I guess if someone is assaulting another the blow that cracks the assaultee's skull and causes them to die is only as serious as the one that gave them a fat lip right? Wait a second... that's actually the difference between assault and murder!

                          Stop interrupting the adults and go back to your playing with your smart phone.

                          Comment


                            #14
                            Re: Net neutrality / HTTPS

                            Originally posted by super_slicer View Post
                            When speaking about the internet anonymity is all but synonymous with privacy.
                            Under what pretext? Because you say so? Sorry, the world doesn't work that way.

                            Privacy is a basic human right, whether governments will add it to their charters or not.
                            It's a right inasmuch as when you are in a place and position where your own privacy is guaranteed, e.g., your own home. If you go to a hospital or get arrested, the only guarantee of privacy is what you are willing to disclose or required to to the professionals. While you are not under any obligation to share with the world what ails you, it's also not required for the world to give you privacy in a public forum. Not sorry, you need to re-educate yourself if that concept flew over your head.

                            What I use my computer for should not be easily obtainable information,
                            Yeah, no. Your computer connects to thousands of public channels in a day. You're saying just because you have a private, home network that your ability to access the outside world ought to be concealed? Not how this works. If I walk outside, I can't demand everyone ignore my existence. They do regardless, but that's aside the point.

                            just as what I do in the privacy of my home shouldn't be (where I'd be using my computer if it didn't somehow magically break the privacy that I'm LEGALLY entitled to in my own home),
                            Okay, here is where you're confused. You're inside your own house. Your computer is in your house. If you refuse to get internet, then your privacy is secured. You're not required to share anything with anyone from the outside unless they have the authority to demand it. Now, here's what you're not understanding.

                            The internet isn't your personal safe space.

                            It is a PUBLIC space, where ideas, thoughts, and opinions congregate in a (mostly) anonymous series of forums. The moment you boot up your modem, that's you agreeing to accept the responsibility of being in a public space, same as you would if you were outside. That includes(but isn't limited to) having what you say/do shown to everyone. If you can't handle the "extreme" responsibility of acting like a civilized adult in a public place, then internet "privacy" probably isn't the biggest concern you should be having.

                            just as what random thoughts I have floating around.
                            Again, you're confusing being in your own home/head with being equatable to saying stupid shit in public.

                            Your argument against this is what? "Oh it's already being breached so that's no big deal"
                            No, my argument is "the internet is a public space, and like all public spaces, what you say/do is on display for everyone." Or, that's the point that should be getting across. Maybe I wasn't clear?

                            I guess if someone is assaulting another the blow that cracks the assaultee's skull and causes them to die is only as serious as the one that gave them a fat lip right? Wait a second... that's actually the difference between assault and murder!
                            And a false equivalence irrelevant to the topic at hand. If you can't even manage a relevant and (mostly) accurate comparison, then your argument has no ground to stand on. Right now, all you have is "b-b-but mommy and daddy told me I shouldn't be judged for what I do publicly!" Well, since you like false equivalences...

                            You assault a man in public and get arrested. That is a public thing, and the police and other people not only have the right to watch the event, but also to step in. Now, if you did it in the comfort of your own home, it's another case. Nobody else has the power or privilege to witness or step in without cause, and even then must possess the authority to do so. So, if that man claims you kicked the shit out of him in your house, the police have the right to knock on your door and ask you about it, but cannot do anything else without being given permission by a higher authority to do so.

                            You see how simple that is? The internet is a public place. Just because you have a computer that connects to it doesn't mean jack. You have a front door, too. Are you going to demand we let you jerk off in public, too?

                            Stop interrupting the adults and go back to your playing with your smart phone.
                            Nothing about your argument was "adult", buddy. If you can't even manage to form a strong, coherent counter-argument, then you should take your own advice.
                            List of things that will never happen:

                            ->Half Life 3
                            ->Project X: Love Potion Disaster completed
                            ->Dargoth MGQ:Paradox complete translation patch
                            ->Panty and Stocking Season 2
                            ->Reboot having a satisfying conclusion
                            ->Ecstasy MGQ NG+ mod being finished

                            Stuff I'm supporting:

                            http://www.ulmf.org/bbs/showthread.php?t=30109

                            Comment


                              #15
                              Re: Net neutrality / HTTPS

                              Originally posted by Ninja_Named_Bob View Post
                              More retarded millennial flailing
                              Your original argument never mentioned such blatant idiocy. So let's take a moment and correct your mistake of thinking that the internet is a public space.

                              FYI the definition of a public space: A public space is a social space that is generally open and accessible to people. Roads (including the pavement), public squares, parks and beaches are typically considered public space. To a limited extent, government buildings which are open to the public, such as public libraries are public spaces, although they tend to have restricted areas and greater limits upon use.

                              Before you tout out some supreme court ruling I'll tell you this: Legal rulings made by ancient fucks that don't understand the technology with the ulterior motive of 'public safety' have no validity.

                              One needs an account with an ISP to connect to the internet barring the special circumstance where they are using free wi-fi granted to them by an account holder, meaning that the internet does not fall under the definition of a public space as it is not generally open and accessible to people.

                              But let's ignore that for a second and say the network on which the internet exists IS a public space, akin to roads, however once you reach a site you've entered a private space just the same as entering a business off of that road. And even in the aforementioned public space of the road, Law enforcement agencies still need probable cause to search your vehicle, and anyone caught rummaging around through it without your consent can still be charged with burglary.

                              How about next we ignore that EVERY site not using .gov is housed on a privately owned server? Sure, without that context, forums could be considered public spaces... except for the fact that you need to create an account and gain membership in order to interact with them. Outside of forums I really can't conceive of any sites being even remotely considered public spaces as they aren't social spaces, perhaps news sites?

                              So if it requires us to ignore all these facts how can one logically view the internet as a public space?


                              Bravo on your attempt to change your argument to something more suitable though, it was thiiiiis close. Keep pushing that mommy and daddy routine though, I'm getting a kick out of imagining you acting it out.

                              As for the only meaningful question you asked: It is up to the user and the site as well as the ISP to maintain privacy, unfortunately 99% of sites don't give a damn about their user's privacy and all of 0% of ISPs do, many even sell usage statistics. Thus the only way to maintain one's privacy (as the corrupt government couldn't give less of a fuck about your privacy) is to maintain their anonymity.
                              Last edited by super_slicer; 29th September 2017, 00:02.

                              Comment

                              Working...
                              X