Motherfucker. It's two thousand fucking seventeen. You can get a free ssl certificate for any website.

Then WHY are there still some fucking websites which contain login portals, sensitive information or anything that SHOULD be protected in transit WITHOUT FUCKING SSL?!

I hope that the people who manage those sites and are AWARE that they can get a free cert but don't do that die in agonising pain.

This really fucking pisses me off.

On another note, EVERY site should have SSL, it's free anyways and protects your visitors from a range of threats.-

*cough*TLS*cough*

@theuser Yeah I know, still a habit of mine to call it ssl :P

Yes!

My school's website has no SSL and it hosts a moodle platform which we are forced to give homeworks or stuff like that and also a lot of people log in in the school network, anyone could do a basic MitM attack and steal half the schools passwords

@MatiasConTilde And in the case of public websites with 'public' information, what do you think, ssl/tls needed?

@linuxxx Well, it's obviously always better to have it, but in that case it's not really necessary

@MatiasConTilde But take the following in mind:

When not using SSL, this can happen:

- isp can insert tracking supercookies
- on any network, someone could inject shit into that site (when loaded to your device) containing exploits
- NSA quantum insert becomes very easy
- altering the information becomes eaay

Although there are free options now the implementation to get it is not very dummy-friendly. And we know how the whole online is full of dummies. Needless to say not all hosting service providers provide that free service.

But I think things will get much better soon due to technology advancement and the better understanding of security. All websites might follow those standards by 2020, probably. 🤞

@mrlinnth Look at the second paragraph - 'and are aware that they can get a free cert'. Aimed at those people :)

@MatiasConTilde in this information age, the integrity of the information has become a critical factor. So even if the information is available to public, it shouldn't be publicly tweak-able.

@linuxxx @mrlinnth oh yeah I was only thinking about the information sent from the client to server, not the other way around, so yes, it should be everywhere

*installing SSL on my static site*

That's a thing that makes me angry all the time. I was helping someone with his WordPress page and the company which made it didn't host it with tls support. So I used two factor authentication for some time as the only working security measure until I could move it to another hoster.

Turns out, their WordPress design doesn't even support TLS without adjusting the source code (there were javascript files embedded over http and the http part of the domain was hard coded, so the browser will refuse to load them inside a TLS page).

Seriously, hosters even offering blogs (or anything with login) without TLS should just be taken down.

The company I work for has its hosting service bill at the end of the year and luckily for them, it's cheaper to run with SSL 👍👍

SSL certificate - free
Hosting tier with SSL on Azure - very expensive

@LynxMagnus In this day and age I find it highly irresponsible if you don't use a secure connection. Then I'd just host my stuff somewhere else :D

@linuxxx I agree that all connections should be secure, but I was highlighting there's a lot more to consider other than the cost of a certificate.

About a year ago i realizes my hosting provider gives free ssl and force https just out of the stackcp panel, super easy to enable. I am happy.

Even my public blog made with pelican has it enabled.
Best part is, as a reseller, I do offer free ssl too :)

Just read few moments ago that one of our local ISPs hijacked http connections. Please use https :)

@MatiasConTilde wait are you on my high school or something?

@MatiasConTilde don't forget that without a ssl encryption, man in the middle is super easy

@epse yeah...

@incognito Of course, but I was thinking that it would only be a problem if you are submitting some information (password) to the website that could be intercepted. But with "normal" sites it's also dangerous becouse you could get presented false information

@MatiasConTilde some crappy one in Belgium? 😉

@epse mmm no

@MatiasConTilde sounded like it 😅