Why no https?

>Dear diary, today I made the same thread again on Jow Forums.
>Hopefully by now they think it was a troll and not my own genuine stupidity
>praise kek based red pilled shadilay

So the glow in the dark CIA agents of African descent can see what computer parts youre looking to get of course

>implying they haven't already

Why would u need one?

>https everywhere
I have never seen an actual argument against it.

Well the availability of plain HTTP does lets people in retro threads shitpost with 68020s and 80486es.

whynohttps.com

But it does. It just defaults to http so n00bz like you can get caught when someone posts content illegal in whatever shithole country you're from.

It is.

You mean why isn't it HTTPS by default, which it should be.

What info do you give to Jow Forums that you need protected?

>https

THIS DOES NOT DO WHAT YOU THINK IT DOES. HTTPS everywhere is the most retarded meme of the century.

settings on top right > miscellaneous > always use https

What info do I need to give to Jow Forums that you need not protected?

Any website created in 2007 and before, if still online should be blocked by Chrome because that website exist before of SSL obsession

Nothing you give to Jow Forums is worth the overhead.

want to expand on that, bucko?

>2018
>ssl
>overhead
Get yourself a better computer

Attached: dt950624dhc0.gif (1200x364, 61K)

This is completely incorrect. HTTPS is relevant everywhere since it provides assurance that the code you are running in your browser wasn't modified by a third party.

Jow Forums
Mac mini
Where the fuck have you been?

Emma Watson posted this thread. Ignore it.

>4 mac minis
>ssl
>overhead
That was just moot being a nigger, not ssl being costly.
Not that hiroshimoot is any better.

It's an anonymous image board, you faggot. What could you possibly want to keep private?

TLS termination overhead is more of a concern for the server than the client, but Cloudflare's edge controllers probably have hardware TLS offloading anyways.

Why hasn't Hiroshimoot made it so all traffic is HTTPS? It's probably cheaper to just leave it the way it is....

Your blog is shit. https everywhere is used by Tails, the most private Linux distribution.

It's anonymous for a reason. You want to make sure your posts STAY anonymous.

Explain why

>Your blog is shit
Dont know what you read. I dont have a blog.
>Tails, the most private Linux distribution.
lol

it is stupid

If you don't use TLS, your ISP and any other party between your computer and Jow Forums's servers can see the plaintext content of your post.

What does this even mean?

uuuuuuhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

Attached: Screenshot_20180724_220223.png (957x987, 136K)

Jow Forums does not use HTTPS by default. You're using Jow Forums X which I believe redirects all HTTP Jow Forums board addresses to HTTPS.

>the plaintext content of your post
Ooooo, top secret.

It's confirmed botnet.

tor browser and tails bundle it
made by eff
botnet?

>HTTPS is relevant everywhere since it provides assurance that the code you are running in your browser wasn't modified by a third party

Only matters if you're using public wifi and for that you're better off VPN'ing into your home network.

Doesn't hide that you're on Jow Forums. You can infer what antisemitic images/threads you're viewing by fingerprinting their sizes. And then correlate your posts by post time.

>tor
>created by cia niggers
totally not spying on you in any way, shape or form

they are but in the manner you're suggesting. read snowden docs if you want to educate yourself.

>Why hasn't Hiroshimoot made it so all traffic is HTTPS? It's probably cheaper to just leave it the way it is
/dis rite hear
this site been had compromised
why fix an exploit you are currently using?

There's literally an option in the settings drop-down menu
How fucking retarded are you guys? Is this your first year here? We literally got a new fancy extension which gives you https, alerts, allows you to image hover, etc. Top right corner^^^^ Or you can just use 4chanx/derivatives as always.

how are people this retarded allowed to live, much less post on Jow Forums

Attached: newfag scum.jpg (491x693, 60K)

Are you guys retarded? Even with https if you posted something that would need to be examined legally Jow Forums logs the IP behind a post. There's no reason to use https because everything you send to the site is publicly visible. Https only covers you from your ISP and sniffers from being able to read what your IP posts. If you want to avoid that then the proper way is to use a VPN or a proxy server. I don't have a pass or use a trip but if someone who does wants to check whether the POST request that sends that info uses https when connected to the http version of the site then be my guest. Those are the only two normal reasons you'd want to use https on Jow Forums.

Do your have proof? Serious request.

>tor
>created by cia niggers
It was funded by the military.

>There's no reason to use https because everything you send to the site is publicly visible.

HTTPS ensures the guys in the middle (e.g. your ISP and others) can't successfully tamper with the data being sent to you and maliciously inject code that works against you into the page.

are you retarded?

Attached: Screenshot_2018-07-25_09-23-40.png (1274x33, 18K)

http without encryption is far more efficient. http sites can be cached by transparent caching servers, while saving circuitry cycles at each end (server and client). Unencrypted connections allow monitoring what is being sent by using software like wireshark. Is google tracking every cursor movement on screen and sending it back to google servers? You won't find that out anymore - google switched to encrypted connections. So that you cannot know what's really going on. In the name of security (or was it safety?).

It fits perfectly into the narrative that google tries to demonize unencrypted traffic using their in-house, financed by ad-tracking money browser chrome in the next upcoming versions.

Was I saying pr indian buddhist ceo controlled google? Of course I meant war machine producing company alphabet.

It's weird to think that I once liked google.

Attached: 1532314428991.png (216x366, 40K)

not only that but https prevents them from seeing the traffic aside from the domain name. they can't even see the board you're on

If you don't mind what happens in places like AT&T's Room 641A, then unencrypted HTTP is for you.

en.wikipedia.org/wiki/Room_641A

Attached: Room_641A_exterior.jpg (833x625, 83K)

Linux is just a kernel, you meant GNU/Linux.

>Doesn't hide that you're on Jow Forums.
No fucking shit.

>You can infer what antisemitic images/threads you're viewing by fingerprinting their sizes. And then correlate your posts by post time.
And that's straight up bullshit, mostly due to use of things like gzip compression.

It's not what you post, but what others post. If someone posted CP or something illegal you could be on the hook just for having viewed it. HTTPS prevents that from happening.

>YOU COULD EVENCHUALLY A PEDO!!!!1

Like clockwork.

Do it manually.

This. Delete everything related to Jow Forums from your browser history and manually type the URL starting with https. From then on your browser will autofill with the https URL.
Alternatively, bookmark the https version of the homepage or whatever boards you frequent.

Click settings
save settings
export settings
bookmark exported setting url
about:home
clear browser cache
click bookmark
All your preferences come back except pic related.
wtf anonymous ## dev? wtf?

Attached: CopyQ.jd2103.png (277x50, 5K)

or just check the "always use https" option built into Jow Forums you fucking brainlet retards

>http without encryption is far more efficient.
Performance used to be a good argument for avoiding HTTPS back when your web server was a dual Pentium Pro. It hasn't been more than a single-digit performance burden for a decade. Especially if your server has AES-NI, which everything since Westmere in 2010 has. If you're targeting a potato client that has no AES-NI, you use chacha20.

>Unencrypted connections allow monitoring what is being sent
That's kind of the point of encryption, stopping a passive monitor from reading the traffic. By the way if you want to find out what JS is doing your browser and its interpreter is entirely under your control.

There's actually already a proposal for encrypted SNI that would shut that hole too.

Hi. I'm part of the fucking IETF TLS working groups, and the IRTF CFRG that argued about the right crypto primitives for quite a while.

Unencrypted https can be cached by transparent caching servers. That is bad. We hate middleboxes: they fuck up the internet in ways the peers can't control. Example: This week alone, transparent caching servers across Singapore mobile networks which didn't obey Cache-Control leaked over 100,000 accounts.

Unencrypted connections allow unauthorised monitoring by anyone on the network. That is bad. If you're authorised to monitor something, your Wireshark could use a TLS man-in-the-middle with an internal corporate or personal CA key that the client trusts. They even allow modification by anyone on the network. That is worse. Example: China can inject malicious JS to DDoS sites.

The deprecation of plain HTTP is planned by every major browser. Google's first to move. Firefox is next. Edge is going to be a little after that. Apple never talks to anyone about what they're doing, if they even know what they're doing, so we don't know about Safari.

TLS everywhere is what we're doing.

After a lot of argument about the right way to do it, encrypted SNI prototypes are now being pushed out, with CloudFlare's help. When that work is finished and deployed, not only could DNS over HTTPS (DoH) shield your DNS lookups from network path attackers, SNI fields will only be readable by the server, which removes the last plaintext indication.

Of course dedicated servers would be identifiable by IP address (you'd need Tor or another overlay network for that) but any connection to a CDN like Cloudflare, like Jow Forums uses most of the time, would have at least some anonymity set due to the groups of sites hosted on the same IP addresses.

Nope, CloudFlare does not use hardware TLS, I spoke with Nick Sullivan about this. They use software, which is easily fast enough when well-optimised. They host on (optimised) Linux.

>saving cookies

Attached: 1508957253178.jpg (766x720, 71K)

>The deprecation of plain HTTP is planned by every major browser
This is a good thing. HTTP is an obsolete protocol of the past when the network it operated on was assumed to be secure. Today you'd never connect to a terminal over the internet with telnet, so why browse the web in plaintext http?

see

>all of your preferences come back except [always use https]

You do realise there are luddites on this board who, indeed, would connect to a terminal over the internet with Telnet.

Nope.

Are DNS-over-TLS and DNS-over-HTTPS gonna live on as two parallel things, or are you trying to replace the former with the latter?

It is, you've been sending your racist posts on Jow Forums over http like a retard. That shit is 100% logged somewhere and you're now on multiple lists. However, it's easy to redirect port 80 to 443 with literally any web server so why Jow Forums isn't doing this doesn't really make sense.

Not him, but DNS over TLS is the future. I wouldn't be surprised if it was supported natively in GNU/Linux relatively soon and will eventually make it's way to Windows. Stubby is easy to use and works great with cloudflare, which already supports DNS over TLS.

I honestly kek'd

Attached: 1529460304224.png (387x424, 362K)

/thread

Stop replying to this thread.

Underrated

There is, chinkmoot just didn't configure the HTTP server to redirect unprotected requests. Probably because one or two of his spying JSes are available only through HTTP channel.

do you even know how tor works? fucking basedboy conspiracy hack who can't into technology

There is https, you just have to enable it by typing https in your URL bar.

>Doesn't hide that you're on Jow Forums.

Attached: 1504390989498.png (488x463, 28K)

use 4chanx friend

This is weird. My Jow Forums is and always has been https, I don't have to do anything special to make it so.

lurk more

>you could be on the hook just for having viewed it
No sane judge would ever sign a search warrant just because they know a particular ip address received an image. In all likelihood the search would turn up nothing. They don't go after people for accidentally viewing an image on Jow Forums.

But it is.
Use an extension like HTTPS everywhere to make sure.

based chrome 68

Attached: _102670477_warnings.jpg (624x447, 42K)

>falling for the FUD
retard

You're getting sslstrip'd

LOCK HER UP