Why does my browser suddenly say "Not secure" ?

Here are summaries and links to discussions for Frequently Asked Questions.

Moderators: rjlittlefield, ChrisR, Chris S., Pau

rjlittlefield
Site Admin
Posts: 23561
Joined: Tue Aug 01, 2006 8:34 am
Location: Richland, Washington State, USA
Contact:

Why does my browser suddenly say "Not secure" ?

Post by rjlittlefield »

Question: Why does my browser suddenly say "Not secure", when I start to login at photomacrography.net?

Short answer: because your browser has changed. It is now explicitly calling your attention to an issue that has always existed.

As background, note that there are two different protocols commonly used to access the Internet: HTTP and HTTPS. The first one, HTTP -- Hypertext Transfer Protocol, was the original protocol for fetching pages and submitting forms. It's very flexible and very efficient, but it's also vulnerable to eavesdropping because all information is sent "in the clear". HTTPS is the Secure version. It's basically just HTTP, surrounded by an encryption layer that prevents eavesdropping.

HTTPS is a more expensive protocol, both in computer resources and in real dollars out of pocket to rent those, so photomacrography.net has always used basic HTTP. This means -- and has always meant -- that if anybody goes to the trouble to eavesdrop on your computer, they can easily learn what password you are using at photomacrography.net.

What has changed now is that, in response to increased concerns about password theft, the folks who build browsers have modified their products to raise an alarm whenever they see that a password may be passed via HTTP instead of HTTPS. At this time the alarm is just a bit of plain text that says "Not secure". But I fully expect that in coming months the text will become orange and then red, in a not very subtle attempt to get every website to upgrade to HTTPS.

I'm quite sure that at some point photomacrography.net will be moving to HTTPS.

However, that move is more costly than it might seem at first glance. To support HTTPS, we need an SSL server certificate, which requires a fixed IP address, which requires a level of service above what we're currently paying for. It's a fair bit of messing around and dollars out of pocket, perhaps best accomplished in combination with some other upgrades that we've been considering. More thinking required...

In the meantime, be aware that nothing has changed except awareness of our long-standing insecurities ( 8-[ ).

This would, however, be a good time to check how you're managing your passwords. Using the same password on more than one site is never a good idea, and it's a particularly bad one for sites that are still using non-secure HTTP, like this one.

--Rik

rjlittlefield
Site Admin
Posts: 23561
Joined: Tue Aug 01, 2006 8:34 am
Location: Richland, Washington State, USA
Contact:

Post by rjlittlefield »

Update: photomacrography.net now supports access by HTTPS .

This is accomplished through our Internet service provider's recent utilization of the "Let's Encrypt" service/capability, which allows every website on a shared server to have its own SSL certificates, free of charge and very convenient to maintain.

Further information about Let's Encrypt can be read at https://en.wikipedia.org/wiki/Let%27s_Encrypt .

Anyway, if you'd like to get rid of the "Not secure" warnings, just edit the address bar in your browser to insert "https://" at the front of the URL, and re-visit the page. The warnings should be gone when the page finishes loading.

Note that your browser's history probably considers URLs beginning with http and https to be different from each other. If it does, then switching to https will cause forum index pages to look as if you haven't read any of the topics, even if you really have.

--Rik

Lou Jost
Posts: 5943
Joined: Fri Sep 04, 2015 7:03 am
Location: Ecuador
Contact:

Post by Lou Jost »

On a plant forum that I used to be on, the expenses for little things on the server began to mount up to the point where the owner of the site began to consider shutting it down. But the participants valued that forum and offered to pitch in with voluntary small donations. If you ever feel that the expenses are no longer worth it for you, I hope you'll consider that route. I am sure enough members value this forum sufficiently to help with the expenses of maintaining it.

NikonUser
Posts: 2693
Joined: Thu Sep 04, 2008 2:03 am
Location: southern New Brunswick, Canada

Post by NikonUser »

Lou's idea sounds OK for me.
NU.
student of entomology
Quote – Holmes on ‘Entomology’
” I suppose you are an entomologist ? “
” Not quite so ambitious as that, sir. I should like to put my eyes on the individual entitled to that name.
No man can be truly called an entomologist,
sir; the subject is too vast for any single human intelligence to grasp.”
Oliver Wendell Holmes, Sr
The Poet at the Breakfast Table.

Nikon camera, lenses and objectives
Olympus microscope and objectives

zzffnn
Posts: 1896
Joined: Thu May 22, 2014 1:25 pm
Location: Houston, Texas, USA
Contact:

Post by zzffnn »

I will surely contribute. Where should I send my paypal to?

rjlittlefield
Site Admin
Posts: 23561
Joined: Tue Aug 01, 2006 8:34 am
Location: Richland, Washington State, USA
Contact:

Post by rjlittlefield »

No worries... We'll pass the hat if finances ever become a problem.

--Rik

Lou Jost
Posts: 5943
Joined: Fri Sep 04, 2015 7:03 am
Location: Ecuador
Contact:

Post by Lou Jost »

Don't hesitate.

zzffnn
Posts: 1896
Joined: Thu May 22, 2014 1:25 pm
Location: Houston, Texas, USA
Contact:

Post by zzffnn »

So Rik has been paying the bills for the existence and maintenance of this forum, all by himself? We should really take our own responsibility, if that is the case.

An audio forum I used to go "went commercial" a few years ago and it was no longer a pleasant place to be (like how it used to be). That site slowed up a lot, as lots of ads re running all the time, all over the pages. I would gladly pay to remove all that.

Post Reply Previous topicNext topic