This forum is in permanent archive mode. Our new active community can be found here.

Firefox could soon block FRC.

Mozilla announced on their blog that their Firefox browser will soon phase out access to non-secure HTTP websites. Any website that isn't HTTPS could be blocked. Pretty soon, FRC could see a decrease in visits by Firefox users who are unaware of the upcoming change. Is there a way we can encrypt this site?

Comments

  • The change probably isn't rapid enough to be immediately concerning, and the forum at least will probably have SSL set up by Vanilla.
    Relatedly, a few versions from now Chrome's changing their UI to call out non-SSL sites as insecure.
  • Like does a site have to be 100% SSL requests, or just login transactions, or what?
  • MATATAT said:

    Like does a site have to be 100% SSL requests, or just login transactions, or what?

    Yeah doing it for websites that don't have any user data seems like kind of a waste of time and energy.
  • This is patently absurd.
  • edited May 2015

    MATATAT said:

    Like does a site have to be 100% SSL requests, or just login transactions, or what?

    Yeah doing it for websites that don't have any user data seems like kind of a waste of time and energy.
    Especially like really small static websites people will do for promotions and whatnot.
    Post edited by MATATAT on
  • I like the idea of all web traffic being encrypted.
  • I don't like the idea of raising the overhead and technical burden to getting on the web as a content publisher.
  • Overhead? I didn't think opening an SSL connection had that much overhead.
  • It's a bit of a bitch to set up and certs are expensive.
  • I doubt it'll raise technical burdens that much. Most of the website-building-as-a-service sites (e.g. Wordpress, Squarespace) will just add SSL management to the services they already provide. It may require extra effort from people who self-host though.
  • My host (1&1) offers ssl for $50 a year, but this site offers it for $5.
  • It's expensive and fiddly and raises the barrier to entry on the best platform we have on the entire planet for free speech. It's also totally unnecessary and seems like an extremist position to take. It's paternalistic and weird.
  • There are three kinds of people who make websites:
    1. Real, actual organizations (commercial or otherwise). In which case, they'll just throw a little extra money per year at their web host and it'll all just work.
    2. Individuals making websites for personal stuff (portfolios, blogs, etc). These people will, depending on their level of expertise or ability, either do the same as corporations or try rolling their own.
    or
    3. People trying to learn how to run a webserver. In which case, they'll need to learn how to properly setup SSL anyways.

    Advantages: Proper, secured connections for everyone.
    Disadvantages: Things are slightly more difficult for very small fraction of the population.
  • Don't agree at all with your boxes but too tired to make my own delineation. :) I remember in the early-mid 90s when the web became something that people outside of college campuses knew about and then could publish to. There's just no need to attach more overhead to the process of getting your random crap on the internet, and your random crap SHOULD be on the internet!!

    People should know by now to look for a secure connection and a reputable business when doing any sort of commerce online or giving out their sensitive information, and if they don't, an SSL certificate is poor protection against scammers anyway, who could certainly set one up.

    There's just no good reason to require this as an absolute except for some weird kind of techno evangelism. No thank you.
  • muppet said:

    It's expensive and fiddly and raises the barrier to entry on the best platform we have on the entire planet for free speech. It's also totally unnecessary and seems like an extremist position to take. It's paternalistic and weird.

    Let's Encrypt will nullify expensive, fiddly, and barrier to entry.
  • Starfox said:

    Let's Encrypt will nullify expensive, fiddly, and barrier to entry.

    Their certificates are now live.
  • Yeah, but you can't get one yet.
  • The problem is that Vanilla will still charge us extra for HTTPS even if the cert is no big deal.
  • The overhead for SSL handshakes will hopefully be mitigated by http2's server push, though there will be at least a year until that is fully supported on modern browsers and servers.
  • The overhead for SSL handshakes will hopefully be mitigated by http2's server push, though there will be at least a year until that is fully supported on modern browsers and servers.

    People are still going to charge you for it.

    nginx just added an HTTP2 patch.
Sign In or Register to comment.