Housekeeping: TTAG Adds Optional SSL Encryption

To say that RF isn’t technologically savvy is like saying an orangutan is slightly deficient when it comes to high energy physics. They’re both well meaning and eager to learn (especially if bananas/Israeli supermodels are the reward) but sometimes you just need to take the wheel and get a project to the finish line yourself. Which explains why, almost a year after we bought the SSL certificate for The Truth About Guns, you can finally use it (https://www.thetruthaboutguns.com). A few things are a little wonky, like the font not being exactly right, but we’ll iron those out ASAP. You don’t need to use the encrypted version of the site, the regular version will work just fine, but the option is there for those who want to keep their TTAG readership and commenting secure and on the down low.

[UPDATE] We’re having some issues with HTTPS on the main site, so it’s disabled for now. But if you log into the site, all that info will be encrypted and secured before transit. We’ll work on the rest shortly.

comments

  1. avatar Michael B. says:

    I’m a fan.

  2. avatar Marcus Aurelius says:

    I don’t get how that could possibly work. I mean that lock could easily slide off the tail of that “S”

    1. avatar Marcus says:

      This made me snort.

  3. avatar Rabbi says:

    Being equally ignorant, please explain the significance and difference to the end user.

    1. avatar Michael B. says:

      It’s like carrying an extra mag full of 20 rounds of 9mm instead of nothing.

      Or concealed carry versus open carry.

    2. avatar Daniel Silverman says:

      Good question Rabbi,
      The official answer is:
      “Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.”
      So what does that mean. The fact that I am posting here well it isn’t hard to find my on the interwebbie.
      So to me not much.
      For others it encrypts the communication between TTAG servers and your computer. So if someone is sitting in Starbucks sniffing the network while you are ranting with lots of {FLAME DELETED} on TTAG, they can’t see you doing it.
      This may or may not be important to you, but option are a good thing. I could go a lot deeper than than but it is really the jist of it for you.

    3. avatar Jus Bill says:

      It will make the NSA read the web pages on the web site instead of trying to read them in transit.

    4. avatar Anonymous says:

      Not a lot. The CIA/NSA will only need to click one button to track your statements to your residence. Their supercomputers don’t care about SSL – just ask Snowden.

      1. avatar Jus Bill says:

        Hell, the NSA doesn’t even know how much Snowden has. They have bigger headaches right now…

  4. avatar Leadbelly says:

    Okay – I’m worse off than fearless leader. What in the holy hell are you even talking about? No anagrams, initials, cyber-weenie code talk, please. Plain English.

    1. avatar Marcus Aurelius says:

      It’s encryption. The same sort of encryption that a website uses to protect credit card information from being read by some one else between you and the website.

      Why it’s necessary to encrypt comments that are going to be published in plain text…I don’t know.

    2. avatar Jus Bill says:

      A more secure web connection. And because – spies…

  5. avatar PhoenixNFA says:

    They’re stealing our megahertz!!!!!

    Neat. Coupled with a remote DNS…unstoppable!!

  6. avatar Vhyrus says:

    If your tin foil hat is on that tight, I highly suggest you go download Tor right now and use it for all your ‘sensitive’ online adventures. Otherwise, the only real use for an SSL is if you are engaging in financial transactions.

  7. avatar mirgc says:

    Ok. I’m looking all over the webpage (and my browser, using chrome here). Where is the indication that the sight is secure?

    1. avatar Nick Leghorn says:

      Depends on your browser. For most modern browsers, there should be a small green icon or green text or a lock next to the URL in the address bar.

    2. avatar Jus Bill says:

      Obtain and load the HTTPS Everywhere extension, enable it, and forget all your worries.

      1. avatar JLR84 says:

        The HTTPS Everywhere extension downloads and uses a rule list containing thousands of common sites that support HTTPS. That’s how it decides to redirect you to the secure version of a site, it doesn’t work for every site on the internet automatically.

        Given that TTAG only just got this support hours ago, it’s not going to be in the ruleset yet, someone will have to add it.

        You can write your own rules, which I’m trying to mess around with right now, but every time I try to go to the HTTPS page (even manually) I keep getting redirected back to the regular version of the site. Not sure why.

        If I can get the rule to work I’ll submit it to them for inclusion into the universal ruleset.

        1. avatar Jus Bill says:

          Interesting, because I’m seeing the SSL indicator right now. It may sense the request for a secure handshake and respond accordingly.

        2. avatar Tom in Oregon says:

          I’m still not seeing it at 2230 hrs PST.
          I’ve reset, rebooted…
          I’ll admit, I’m stoopid when it comes to geek stuff.
          (No offense intended to IT folks, they rock)
          Heck, I’m still trying to figure out what tor means.
          I can rebuild a Chevy 350 engine in my sleep, assemble an AR in my sleep, but computer stuff?
          Crap, I can’t even figure out how to log back in to the TTAG forum.

  8. avatar Jeff says:

    the most annoying thing about TTAG has been that for quite some time, the mobile site when viewed on an Android device will ALWAYS try to follow a link if I hold my finger down on it to open it in a new tab, so I end up with a background tab and then the main page is also trying to load that same link.

    1. avatar Jeff O. says:

      And pop-ups for “Your device is compromised! Fix it here!” things.

      1. avatar Jeff says:

        nah I don’t get that, I use Firefox mobile with Adblock. but all of the browsers on android (or just Khtml) has the annoying link behavior

        1. avatar Jus Bill says:

          Wash your hands. The oil on your skin is preventing the screen from properly reading your finger.

          Of course if you’re on the MAIG or MDA site, your finger may be NSFW.

    2. avatar Matt in FL says:

      I have this exact same problem, and I was blaming it on my browser. I really would like the ability to really, actually open links in a new tab.

    3. avatar Frishb says:

      When you long touch a link don’t lift up until you move your finger off the link.

  9. avatar Jeff O. says:

    That is unless you use an HTTPS inspector…which I do at work. 🙂

    It’s good to be the IT King.

    And users are none the wiser.

    Even with mobile or non-school owned devices, because they have to log in to gain access.

  10. avatar Jus Bill says:

    Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back
    http://www.theregister.co.uk/2013/12/20/openssl_crypto_bug_beneficial_sorta/

    Oh good…

  11. avatar Dirk Diggler says:

    Does this mean more Shannon?

    1. avatar Bob Wall says:

      Always keepin’ your eye on the prize, my friend! Stay focused, out there.

      Bob

  12. avatar bobs says:

    The https site redirects me to the http site.
    Hitting “thetruthaboutguns.com” redirects me to “www.thetruthaboutguns.com”.
    I get no “s”, no padlock, and no favicon on Chrome or Firefox or IE.
    Happens on both MS-Windows and Ubuntu.

    1. avatar Scott says:

      This for me as well.

  13. avatar Pascal says:

    Does not work. Going to HTTPS simply redirects me to HTTP

  14. avatar uncommon_sense says:

    I agree with a previous poster … using this security will not impact, in any way, Big Brother’s ability to see and track what you are doing. It is a nice token gesture though. Nothing against TTAG … there just isn’t any way to obscure our activity from Big Brother at this time.

    1. avatar Jus Bill says:

      There is: TOR.

      US Navy (SPAWAR) developed it to anonymize communications. NSA hates the new version (again) because the elves took the backdoor out.

    2. avatar rlc2 says:

      Noticed this in the FindLaw story about the Harvard student bomb-hoaxer:

      “Bruce Schneier, a security expert, posits that the investigators simply obtained a list of people who accessed Tor via the school’s Wi-Fi, then went down the list, name-by-name.

      “This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect,” Schneir wrote. “The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.”

      I realize this is a special case- but wonder if just the fact of using Tor puts you on a red-flagged list. I might like to use a VPN while browsing in Starbucks, but I’m told by a computer guy its not that serious a threat, as long as you don’t do your banking, etc- and use https.

  15. avatar Ralph says:

    I’m really excited about SSL.

    What is it again?

    1. avatar Tom in Oregon says:

      Ralph,
      It’s a dating website for those of us in the AMAC, or AARP membership roles.
      Be afraid. Be very afraid.

  16. avatar the ruester says:

    Just what the hell should we have to worry about anyway? Last time I checked we had a first ammendment in this country… (ducks)

  17. avatar bobs says:

    Yes, everything you post here that passes moderation is available for view by anybody. That’s the whole point of a public blog. So it doesn’t matter if your comments are encrypted between your computer and the server.
    But when you login, you really really want your credentials encrypted. Otherwise, anyone who’s listening to the conversation could impersonate you. They could post as you, they could edit your posts, they could delete your posts, they could change your profile so you could never regain control. And if you’re one of the 87.3% of online users (a statistic I just made up) who re-use their passwords on multiple sites, those bad actors could impersonate you elsewhere too. What’s your password on Amazon? on eBay? on your email? on your bank account?

  18. avatar mrT says:

    Thank you for implementing ssl, I wish all sites would offer that option by default.

    Not that it is the final solution to keeping your data safe but it is easy to implement and use. Kind of like putting on your seat belt, it won’t prevent the accident but at least it pushes the odds a little bit more in your favor.

  19. avatar Matt in FL says:

    I dislike SSL only because it allows ads to sneak through my adblocker. Since they’re encrypted in transit, the adblocker doesn’t see them and so can’t filter them. This is true for any site using SSL. I’m getting ads on YouTube as well lately. Happily, I spoke to the devs of my adblocker, and they said https filtering is coming in the next release.

    1. avatar uncommon_sense says:

      Ooh. That sounds enticing. Can you send me an e-mail with the name of the software?

      1. avatar silicon n guns says:

        NoScript will block everything but html ads. be aware that it may disable some menus.

      2. avatar Matt in FL says:

        Oh, somehow your request slipped by me. The program I use is called AdMuncher, but I’ll warn you, it’s not free. I’ve been using it for well over 10 years, and back when I bought my copy it was significantly cheaper. However, it’s been rock-solid for all that time, it’s very configurable, and as indicated above, when I have an issue, help is a quick email away. When I wrote to ask about the https issue, I got an email back in a half hour, at 3 a.m. (Results may not be typical.) I highly recommend their program.

  20. avatar Yngvar says:

    What I like about SSL is that the powers that be can’t snoop on which articles I click on. Can’t hide that I’m reading this site but they’ll be unable to build up a profile of what subjects I’m interested in.
    Not paranoid, but…

    1. avatar rlc2 says:

      Can you get same effect with NoScript, Do Not Track and Ghostery?

    2. avatar Matt in FL says:

      What powers that be? Employers? The government? You’re fooling yourself if you think a little SSL makes any real difference to either of them. They both have plenty of ways to keep track of you, should they desire.

      1. avatar Yngvar says:

        The government. They’re not interested in me per se, but use automated tracking systems (Google have shown the way!). When they run sweeps on interests/topics and pull up profiles… I wont be there.
        I like that and use SSL wherever I can.

  21. avatar Louis says:

    Where do we download the certificate?

  22. Damos préstamos personales en el ranhgo de 5.000 euros
    a 100 euros.

Write a Comment

Your email address will not be published. Required fields are marked *

button to share on facebook
button to tweet
button to share via email