Airliners.net is a terrific forum and now run by a large forum company, Vertical Scope. There is ZERO excuses as to why Airliners.net is not HTTPS/SSL secured.

In this day in age, all logins and posts should be encrypted/secured. People deserve the green lock. =)

No response?

Hi

I'll check with the developers and verticalscope and get back to you with an answer

Regards

Paul

Heya Maksfly

We are working on a network-wide rollout on this, no ETA yet but it is in the works.

Google recently change their rating system hence why you see the notice. However, our sites are safe and other latest security precautions have been applied.
https://motherboard.vice.com/en_us/arti ... rome-https

Jeff M

I just realized the same thing. It's been 9 months. It may not be a 5 minute job to implement HTTPS on a large site, but 9 months is a bit too much isn't it? I agree with the first poster, there is ZERO excuse. "Our sites are safe" is not enough, if I am logging in via HTTP my credentials are still being sent to the server in plain text.

rebr wrote:

I just realized the same thing. It's been 9 months. It may not be a 5 minute job to implement HTTPS on a large site, but 9 months is a bit too much isn't it? I agree with the first poster, there is ZERO excuse. "Our sites are safe" is not enough, if I am logging in via HTTP my credentials are still being sent to the server in plain text.

I have to agree, safety and encryption is not the same thing. There are plenty of free SSL solutions which are community driven and open source. One of the best is Let's encrypt and https://certbot.eff.org/ offers an easy to install for everyone solution. There are many sites outthere that are maybe more complicated in terms of infrastructure / hardware.

I always wondered why such a large forum run by a company is still not using SSL these days. Even all logins are unencrypted.

No update?

This is literally the very last site I use on a semi-regular basis that has not yet gone to HTTPS. It can now be done for free. Modern browsers will bark at you before you submit a password to an unencrypted connection (because it's a very bad idea).

A while back I submitted a few photos here and was rewarded with a laundry list of reasons why my photos were not absolutely perfect and were therefore unacceptable. Suppose we held the people who actually run the site to the same standard of perfection... wouldn't that be an interesting experiment?

metaldirtnskin wrote:

This is literally the very last site I use on a semi-regular basis that has not yet gone to HTTPS. It can now be done for free. Modern browsers will bark at you before you submit a password to an unencrypted connection (because it's a very bad idea).

A while back I submitted a few photos here and was rewarded with a laundry list of reasons why my photos were not absolutely perfect and were therefore unacceptable. Suppose we held the people who actually run the site to the same standard of perfection... wouldn't that be an interesting experiment?

We've been waiting literally years for simple emojis and quote functions. What makes you think they're ever going to implement something that secures user's data?

Its not going to happen folks.

CCGPV wrote:

metaldirtnskin wrote:

This is literally the very last site I use on a semi-regular basis that has not yet gone to HTTPS. It can now be done for free. Modern browsers will bark at you before you submit a password to an unencrypted connection (because it's a very bad idea).

A while back I submitted a few photos here and was rewarded with a laundry list of reasons why my photos were not absolutely perfect and were therefore unacceptable. Suppose we held the people who actually run the site to the same standard of perfection... wouldn't that be an interesting experiment?

We've been waiting literally years for simple emojis and quote functions. What makes you think they're ever going to implement something that secures user's data?

Its not going to happen folks.

I suppose you used to have another account as you have been waiting for years for emojis. Not sure what emojis you mean as the classic airliners.net emojis are all there, and have been for the last year and a half.

Quoting is phpbb standard, and we are looking into if it can be changed. However, there is a priority list, and there are some crew tools that reallly have higher priority than the quote function I’m afraid.

JohnKrist wrote:

CCGPV wrote:

metaldirtnskin wrote:

This is literally the very last site I use on a semi-regular basis that has not yet gone to HTTPS. It can now be done for free. Modern browsers will bark at you before you submit a password to an unencrypted connection (because it's a very bad idea).

A while back I submitted a few photos here and was rewarded with a laundry list of reasons why my photos were not absolutely perfect and were therefore unacceptable. Suppose we held the people who actually run the site to the same standard of perfection... wouldn't that be an interesting experiment?

We've been waiting literally years for simple emojis and quote functions. What makes you think they're ever going to implement something that secures user's data?

Its not going to happen folks.

I suppose you used to have another account as you have been waiting for years for emojis. Not sure what emojis you mean as the classic airliners.net emojis are all there, and have been for the last year and a half.

Quoting is phpbb standard, and we are looking into if it can be changed. However, there is a priority list, and there are some crew tools that reallly have higher priority than the quote function I’m afraid.

Yeah I had a username for probably 10 years and I forgot the password for so I just came up with this one.

The emojis came back a long time after the "upgrade." Good to see all the work being done on the back end first so all the frustrated users posts can be moderated more easily.

Its not like a simple quote function that we use many times a day should be a priority or anything.

CCGPV, we would gladly have assisted you in retrieving your account
The emojis were added about three months after the launch of the blue site. In development cycles that is not too bad counting in all the issues implemented by DM’s manager back then.

And yes, some backend work has been implemented on moderator tools, but even more has been done to other parts of the site. Quoting is not a do or die feature compared to crashes, server instabilities, database maintenance tools and so on. Irritating as it is, that is fact,

For those commenting on the availability of free TLS certificates from sources like Let's Encrypt, sure you can get the certificate for free, but there's more to it then just getting the certificate. Way back when the site was just a server in Johan's dorm room that would probably have been pretty straight forward, but I imagine now there's a bit more complexity behind the airliners.net server infrastructure these days and a simple Let's Encrypt automated certificate might not be good enough.

But I agree this is getting a little bit silly and I also think this site is about the only one I go to that doesn't do https.

Airliners uses Akamai, they should issue a SSL certificate from them!

hawaiian717 wrote:

For those commenting on the availability of free TLS certificates from sources like Let's Encrypt, sure you can get the certificate for free, but there's more to it then just getting the certificate. Way back when the site was just a server in Johan's dorm room that would probably have been pretty straight forward, but I imagine now there's a bit more complexity behind the airliners.net server infrastructure these days and a simple Let's Encrypt automated certificate might not be good enough.

But I agree this is getting a little bit silly and I also think this site is about the only one I go to that doesn't do https.

Do you know why A.net does not use SSL?

Heya all,

This is on our radar for 2018, we are moving sites to the cloud and then plan to start rolling out SSL network-wide.

It is a not an easy quick fix for sites like this which have huge amounts of content and have so much custom work.

We are currently testing and refining the rollout procedures but no ETA as of yet. I will update Paul and you guys once I have an ETA

Jeff M

SSL is not something to take lightly, you may think a site is safe just because they are encrypted, when it actually is pretty easy for Someone with knowledge to pick up your data. An example if this is that Google Chrome is blocking sites with Symantec PKI, ie sites that have implemented, for example, Thawte and Verisign SSL certificates.

JohnKrist wrote:

SSL is not something to take lightly, you may think a site is safe just because they are encrypted, when it actually is pretty easy for Someone with knowledge to pick up your data. An example if this is that Google Chrome is blocking sites with Symantec PKI, ie sites that have implemented, for example, Thawte and Verisign SSL certificates.

One has nothing to do with the other.

Chrome is blocking sites with Symantec certificates because Symantec had systemic compliance failures with the CA/Browser Forum guidelines for how a CA should operate. It had nothing to do with inherent problems in the SSL/TLS protocol. Yes, there are problems with SSL, so you should be supporting only TLS 1.2 or later. But it had nothing to do with Symantec.