Why is Jow Forums not secure?

Why is Jow Forums not secure?

Attached: Selection_165.png (553x148, 18K)

Other urls found in this thread:

security.stackexchange.com/questions/64814/how-to-get-private-key-used-to-decrypt-https-traffic-sent-and-received-from-my-o
myredditnudes.com/
twitter.com/NSFWRedditImage

>???????????

Attached: wut.png (277x60, 2K)

because you're connecting over HTTP instead of HTTPS. install https everywhere and go back to Jow Forums.

Ye, it worked.
Still, why is http the default?

i don't know. maybe it's on purpose, maybe no admin cares enough to turn on the redirection to https, maybe there's some technical reason

Attached: Capture.png (1308x1077, 186K)

>implying I keep cookies

This. Why the fuck should I have to install an extension just because the site admins are too incompetent to configure their hsts settings? Jow Forums is literally the only site I regularly browse that has this problem.

it's very secure

see

you've attracted some attention. redirect through glowinthedark servers

it's not an extension

Hiro is a jew who doesn't allow a proper HSTS header, so you have to add the s manually everytime or install HTTPS everywhere or change the settings and keep a cookie.

How is Jow Forums x not an extension?

Oh nvm, that screenshot is just the vanilla site settings. Point still stands though, it shouldn’t be a frontend facing setting, https redirect should be configured server side.

thats not x, thats in settings in top right

it's been there for years

Attached: d27.png (645x729, 75K)

And it’s useless, because I browse in incognito mode almost exclusively, so the settings are reset every time I open a new window.

I agree, but I guess there's nothing wrong with installing HTTPS Everywhere anyway...

>Shiggy diiggy I need HTTPS on a public image posting board that does not require login information

To make it easier for three-letter-agencies to spy on you.

>what is isp packet sniffing

Get off your mom's laptop.

>I browse in incognito mode almost exclusively
too afraid of mom finding your shitposts, right

Don't post illegal content plus

>Everything you read here is work of fiction

because /tv/ at 3 am is basically a CP sharing board

it got bullied at a young age

>post ironically about how much I hate niggers on Jow Forums
>isp keeps automated database of these posts tied to my identity
>get automatically rejected for every job from now on because the us has no data privacy laws and isps are free to sell my data to anybody, including background check companies

#onlyyou

Why not just connect to https instead of typing in http

This but unironically

Attached: 0OdeRLW_zpsjizbve0g.jpg (388x525, 63K)

/thread
Just go browse Reddit.

>Why is Jow Forums not secure?
Probably because of the people in Jow Forums.

?

Attached: excuse me.png (330x166, 8K)

Instead of ironically hating niggers on pol just unironically love on crackers

>>post ironically about how much I hate niggers on Jow Forums
>going on Jow Forums
you deserve it

an app like httpseverywhere can't set pages to be encrypted if they are not already

>I don't know how it works

Jow Forums is constantly on the mind of you faggots

Go back to /reddit/

"app"
nigger look at OPs picture

This. Jow Forums is a containment board for speed limit IQ demagogues.

be careful with the word you're using. App is basedspeak.

http is superior when it comes to optimization and responsiveness. http content can be compressed by your ISP to provice you the content with less data. happens in opera browser, for example. http packets/sites can be compressed by up to 98%, https cannot be compressed.
https is needed for security, e.g. when logging into stuff or paying. everything that is private should be https.
public data does not need http, au contraire: when an ad tracker like google uses https, you cannot deep inspect the packages anymore and see what is really being sent back. why do you think recaptcha cannot be solved by a script? because everything it does is encrypted! nobody knows what a package must look like so that one could simply spoof a request with a solved captcha without actually solving it.

that, and their ads, is the number one reason why google, the creator of chrome browser, pushes for https instead of http: they don't want you to know what stuff like e.g. google analytics or recaptcha really does. does it record your mouse movements? nobody knows. does it record everything you type on a website? it is technically possible, but does it do that? nobody knows.

tl;dr https makes sure it's only you that is getting fucked

protip: almost all http sites support https, simply add the s into the url bar. automate it with smart https or https everywhere

Attached: 77454-1920x1080.jpg (1920x1080, 203K)

Why do you give a shit about requiring encryption overhead on a Nepalese basket weaving forum?

Because it's Jow Forums.

>goes on Jow Forums
>incompetent when it comes to technology
What a surprise!

Attached: 1506863207024.jpg (272x385, 26K)

>that, and their ads, is the number one reason why google, the creator of chrome browser, pushes for https instead of http: they don't want you to know what stuff like e.g. google analytics or recaptcha really does. does it record your mouse movements? nobody knows. does it record everything you type on a website? it is technically possible, but does it do that? nobody knows.

This is some tinfoil hat bullshit. You can obtain the SSL private key created for a connection from Chrome and use Wireshark to decrypt the trafic in the pcap you took of this super scary, unknown traffic.

Link me please to where it is laid open what google ads and google recaptcha send back.
Come on, Mr. Hackerman, 7 billion people are waiting.

Why not look for yourself faggot.
security.stackexchange.com/questions/64814/how-to-get-private-key-used-to-decrypt-https-traffic-sent-and-received-from-my-o

cause this is a big ol honey pot

Attached: 8b837323245b712242b76131e85eb7100785018d86c203f1b506a06b336a4fe0.jpg (3840x2160, 1.46M)

>basedspeak
What?

I wasn't asking about how to decrypt https in general, I was asking where it is laid open what google ads and google recaptcha send back to google servers, considering they use obfuscated js in combination with encryption.

stop being a corporation apologist (let me guess, you arent even on their payroll) and stop evading my question.

Guess what, loudmouth retard: You cannot link me to it, because there is nowhere where it is laid open.

generally speaking, here's your

I gave you the tools you need to have a look yourself. It's not my problem if you don't have the knowledge to actually use it. I'm not going to do it for you and link you to somebody who's done it themselves. If you really want to see you're on your own fucker.

I'll be waiting to hear what you found and if it proves your alarmist theories or not.

what a stupid motherfucker

"damn hes right fuck hurr then do it youself hurr durrr"

Attached: 1507085701112.png (469x452, 200K)

Oh shit, did I just get called out by a dumbass frog poster? You edgy fags are the dumbest pile of shit I've ever seen.

This fucker says nobody knows what Google is doing, that it's obscured by https. Now he can decrypt that https and see exactly what it communicates. But oh no the JS is obscured and I want to know what the values it's sending may be? Obscured JS may be difficult to trace but it's completely possible. He has everything he needs to look for himself. I'm not going to do it because really I don't give a fuck what Google does, and apparently nobody else really does either. I can't stand stupid conspiracy theories about how https is being pushed because it "hides" what Google is doing. I'm saying that no, it really doesn't.

welcome to Jow Forums

nice link, faggot

if you don't like 4chanx you can still enable https anyway

Attached: file.png (1014x762, 192K)

WTF
i just installed it and now everything is pretty much instant, almost no lag compared to before (im on ethernet connection)
why the does nobody bring this up ?

See op's pic you dumb fucking faggot and head back to your cancer Jow Forums

If you specify https in Jow Forums settings, export settings and save as bookmark, every time you open that bookmark you need to click settings and click save, or else that checkbox reverts to unchecked.
>wtf up with that?

>what is cache

Doesn't make any difference if you delete cache and restart browser. Still does it.

there is nothing to hide everyone knows OP is a fag

https is a fucking meme
im not fucking paying 399 usd for a fucking ssl certificate

i just reread your first post. sorry you are just dumb

ayy lmao baited me good you did sire, have a shilling for your efforts

So why the fuck does every other pref stick, custom css, quote, thread monitoring, but not https?

Then get a free one, retard.

t. redditor