Technical Problem No https + inbox quota unacceptable

[alasdairm]

Please explain why you think it's safe to not use encryption...

i don't believe i've ever said it is.

I might use the website, but I can't trust that I'm not using a spoofed website.

right. you're aware of the risks and yet you choose to continue to use the site. others have that choice too.

Other users might not understand the risks...

then they should inform themselves. they could start with bluelight's own FAQ: "Note that Bluelight is currently available only over a regular (i.e. non-secure) HTTP connection. There's some background reading on HTTP vs. HTTPS here: Question: HTTP and HTTPS - What is the difference?. You need to decide for yourself whether that's a factor for your own security."

It is impossible for you to run a secure website without Transport Layer Security.

i agree. again, i don't believe i've ever argued otherwise.

alasdair

 

[DrGreenthumb]

You don't have to say it's safe, your actions speak louder than your words, you're still running an insecure site. It's been many years & the site still doesn't use https. Why not?

I wouldn't use this site if I had a career or any hope for my personal future at all, it'd be stupid. I'm in a nothing to lose situation, so there's no risk for me, jail would be a step up for me. Other people aren't in that situation & don't use the site, or they're simply not aware of the risk. By the time they have read the FAQ it could be too late.

Right now it's likely that using this site would do more harm than good for most drug users, that's not the way a harm reduction site should be run. Starkid is right, somebody should hijack an admin account & take this site offline in the name of harm reduction.

 

[alasdairm]

...you're still running an insecure site.

and you're still choosing to use it even though you know it's insecure.

...or they're simply not aware of the risk.

then they should inform themselves. they could start by reading bluelight's own faq item on security.

we're going round in circles now and i suspect we're not going to agree on this. it's in process.

alasdair

 

[stlouisgirl]

if somebody googles, for example "stlouisgirl", pages and posts on bluelight may appear in those search results. anything you type on bluelight can be viewed by anybody with an internet connection - millions if not billions of people can potentially read what you are writing.

ok that makes sense, but I guess my real question is if someone googles my REAL name? Could the posts under STLOUISGIRL come up?

 

[stlouisgirl]

You don't have to say it's safe, your actions speak louder than your words, you're still running an insecure site. It's been many years & the site still doesn't use https. Why not?

I wouldn't use this site if I had a career or any hope for my personal future at all, it'd be stupid. I'm in a nothing to lose situation, so there's no risk for me, jail would be a step up for me. Other people aren't in that situation & don't use the site, or they're simply not aware of the risk. By the time they have read the FAQ it could be too late.

Right now it's likely that using this site would do more harm than good for most drug users, that's not the way a harm reduction site should be run. Starkid is right, somebody should hijack an admin account & take this site offline in the name of harm reduction.

I am getting VERY nervous now. My question is, if someone googles my REAL name, will my posts show up as results? Or is it only if they google my username, STLOUISGIRL?

 

[stlouisgirl]

You are raising a valid concern, but you (and the OP) are doing it really poorly. Its negates the value of your opinion and advice.

THAT my friend is a POOR response to users legitimate concerns. Quit acting arrogant and answer his concerns. I for one am not sure I want to be on here anymore. I know, I know, you could care less...

 

[stlouisgirl]

yet it's not enough of a problem to prevent you from posting. your actions speak louder than your insulting words.

Oh my God, THAT as a Moderator, is how you answer one of your user's concerns?

 

[alasdairm]

i'm simply pointing out the inconsistency in the posters' words and actions. my replies have been on-topic and perfectly civil.

alasdair

 

[swilow]

THAT my friend is a POOR response to users legitimate concerns. Quit acting arrogant and answer his concerns. I for one am not sure I want to be on here anymore. I know, I know, you could care less...

Please don't put words in my mouth. All concerns were responded too. I think the op and Dr greenthumb were rude. I pointed it out.

 

[alasdairm]

I for one am not sure I want to be on here anymore. I know, I know, you could care less...

i'd love for you to stick around and contribute to, and benefit from, the discussion here. but if this is enough to make you want to leave, then perhaps we weren't right for each other anyway...

let me ask you a question? what would you think if you were thinking of buying a car and a friend told you not to buy a gm car because they're terrible, unreliable and unsafe. but the same friend drives a gm car.

wouldn't you at least consider taking their opinion with a grain of salt? i'm asking for a little perspective here, that's all.

alasdair

 

[sigmond]

I am getting VERY nervous now. My question is, if someone googles my REAL name, will my posts show up as results?

Not unless you linked your real name, the name stlouisgirl, and the site bluelight.

Even then someone might have to search for those three things simultaneously.

 

[subotai]

Yo if youre that concerned about privacy then dont use the site

I dont really see how theres any other resolution, as if the fbi is going to kick in your door over some internet posts anyway

You aren't that important

 

[swilow]

Yo if youre that concerned about privacy then dont use the site

I dont really see how theres any other resolution, as if the fbi is going to kick in your door over some internet posts anyway

You aren't that important

There is that.

Whilst it is true to say that the FBI is probably not concerned with the actions a bunch of drugfaces, it is also true that they (and other law enforcement agencies) would most certainly be perusing the site. This doesn't mean you need to be afraid or paranoid- just be cautious. Don't self incriminate. Don't give out your personal information. Avoid links between your Bluelight account and your real life. Don't share anything on BL that you wish to remain hidden. Above all, be smart. You've made a good decision in checking out Bluelight, but please- continue being smart whilst using it. Bluelight tries to give people information with which to make an informed decision. There aren't that many resources like Bluelight out there, but they do exist and are also free to use. An aspect of using Bluelight, which is enshrined in our rules, is taking responsibility for the information you disseminate. So be smart and don't identify yourself! Be circumspect in what you say, whilst not sacrificing clarity. At the end of the day, Bluelight could be compelled to hand over any information you have contributed and this is the same using HTTPS or otherwise, so YOU must decide what information you share.

Please remember that this is a volunteer-run website. It is absolutely valid for users to raise concerns and begin such discussions, but it should always be remembered that a productive discussion requires courtesy.

 

[DrGreenthumb]

i'm simply pointing out the inconsistency in the posters' words and actions. my replies have been on-topic and perfectly civil.

alasdair

I have actually left the site because of this problem. I just logged in for the last time to let you know so you can stop using me as an excuse for running an insecure website. I believe starkid has left too & now stlouisgirl. Anybody with any concern for their own safety hasn't registered, so we can't know what they think.

If I hadn't registered here then how would I raise my concerns? You still ignore them when I post in public & somehow me being here is a justification for you not running your website properly.

Your replies have been arrogant & so incredibly ignorant that you must have some agenda behind it. I can't believe anybody on the staff team of a large website would behave like that in response to real security concerns.

Please delete my account, it'll be one less that can be hijacked.

It's not even about the FBI, any common criminal could easily take over the site & nobody would know, because of your failure to secure the transport layer. No website that has user logins should be operating without TLS, that has been standard advice to all website developers from every security professional around for over 5 years.

There's no cost to you, there are even performance benefits & savings to be had, I've offered my labour for free to fix it, again I've been ignored.

 

[alasdairm]

thanks for the feedback.

alasdair

 

[alasdairm]

based on views vs. replies, about 18 times more people read this thread that reply to it. that's not atypical for a bl thread.

i'm sorry to see drgreenthumb take his ball and go home but that's his right. to anybody else reading this who's not sure what to make of this fuss, i would encourage you to do some reading on https and what it does and does not do. you could start with bluelight's own FAQ on the subject of security.

we've been very clear about this from the start and i'll say it again - bluelight is not a secure website.

we're not forcing anybody to do anything they don't want to do. if you decide that the risks outweigh the benefits, you should not register for bluelight.

alasdair