• 🇬🇧󠁿 🇸🇪 🇿🇦 🇮🇪 🇬🇭 🇩🇪 🇪🇺
    European & African
    Drug Discussion

    Welcome Guest!
    Posting Rules Bluelight Rules
  • EADD Moderators: Pissed_and_messed | Shinji Ikari

Recruitment EADD Needs YOU....!!! Another mod to join the ranks

Status
Not open for further replies.
alasdairm said:
you're implying something deceptive is happening. we're quite open about the lack of https. we're misleading anybody and people are quite able to take responsibility for their own choice.

alasdair
Click to expand...

I'm not implying something deceptive is happening, I was pointing out that being able to post in an anonymous subforum has bugger all to do with transport layer security, to someone who foolishly believes 5that it does.

I'm glad you understand you need to do this - I'm fully aware of just how insecure the traffic to and from the site is and take that into account when I use it, but I'd hazard a guess that while most people understand what they post to the site is public, they don't realise just how public it all, including any private messaging actually is, and to whom.
 
Last edited:
Ceres said:
I'm not implying something deceptive is happening, I was pointing out that being able to post in an anonymous subforum has bugger all to do with transport layer security, to someone who foolishly believes 5that it does.

I'm glad you understand you need to do this - I'm fully aware of just how insecure the traffic to and from the site is and take that into account when I use it, but I'd hazard a guess that while most people understand what they post to the site is public, they don't realise just how public it all, including any private messaging actually is, and to whom.
Click to expand...
indeed. people are quite able - and need - to take responsibility for their own choice.

alasdair
 
Why is https an important thing to have on a discussion site?

We're not doing online banking here. If someone could tell me in layman's terms why it matters it would be most appreciated. :)

Surely everyone realises that anything you type on the internet can be hoovered up by the NSA anyway, so what's the difference?
 
felix said:
Why is https an important thing to have on a discussion site?

We're not doing online banking here. If someone could tell me in layman's terms why it matters it would be most appreciated. :)
Click to expand...

So people can talk openly about their drug problems, without the fear of legal ramifications.
 
Last edited:
felix said:
Why is https an important thing to have on a discussion site?

We're not doing online banking here. If someone could tell me in layman's terms why it matters it would be most appreciated. :)

Surely everyone realises that anything you type on the internet can be hoovered up by the NSA anyway, so what's the difference?
Click to expand...
a few reasons include :

without TLS you can't even be confident you are actually communicating with the bluelight server directly.
without TLS you can't be confident that what the server is sending to you is coming from the server.
without TLS it is like sending all your mail in transparent envelopes through a dozen transparent postboxes, with your return address on all the mail.
without TLS your nextdoor neighbour could be reading everything you post to BL including PMs.
without TLS anyone infiltrating the network the BL server is hosted on, or the network any of what could be two dozen machines in between you and the server, can read everything and modify everything in transit without you realising.
this means the site could be used to deliver malware to your computer.

it is just common sense and good practice in this day and age to use TLS for anything online, it adds a layer of protection that naive users benefit from without even having to be aware of it. Not having it puts everyone at greater risk.

it is not about protecting you from intelligence agencies, it is about protecting you from common criminals.
 
Without TLS the server can't be confident that the users aren't spoofed either, the whole security of the site depends on it. Anybody who can read traffic coming from the server can spoof logins, including for admin & moderator accounts. Anybody on a malicious wifi network can easily get their account compromised.

These are real attacks that any common criminal can do very easily, it doesn't need to be an intelligence agency, without TLS a website & it's users have no security at all.

Every website with a login should be https, if it isn't you really have to question their motives for not using TLS.
 
Last edited:
DrGreenthumb said:
Without TLS the server can't be confident that the users aren't spoofed either, the whole security of the site depends on it. Anybody who can read traffic coming from the server can spoof logins, including for admin & moderator accounts. Anybody on a malicious wifi network can easily get their account compromised.

These are real attacks that any common criminal can do very easily, it doesn't need to be an intelligence agency, without TLS a website & it's users have no security at all.

Every website with a login should be https, if it isn't you really have to question their motives for not using TLS.
Click to expand...

Ceres said:
a few reasons include :

without TLS you can't even be confident you are actually communicating with the bluelight server directly.
without TLS you can't be confident that what the server is sending to you is coming from the server.
without TLS it is like sending all your mail in transparent envelopes through a dozen transparent postboxes, with your return address on all the mail.
without TLS your nextdoor neighbour could be reading everything you post to BL including PMs.
without TLS anyone infiltrating the network the BL server is hosted on, or the network any of what could be two dozen machines in between you and the server, can read everything and modify everything in transit without you realising.
this means the site could be used to deliver malware to your computer.

it is just common sense and good practice in this day and age to use TLS for anything online, it adds a layer of protection that naive users benefit from without even having to be aware of it. Not having it puts everyone at greater risk.

it is not about protecting you from intelligence agencies, it is about protecting you from common criminals.
Click to expand...

In fairness someone has pointed out to me that other forums utilise https. I was under the Felix school of thought that it was limited to just about online banking. clearly times are changing and this old dog wasn't uptodate.

Yeah, you both speak sense.
 
14io601.jpg


>>>>> CLICK ON LINK PICTURE TO WEBSITE ABOVE <<<<<<


>>>>>> click para pene píldoras <<<<<

>>>>>>klicken zur website enter <<<<<<
 
Last edited:
IT BURNS Scotch! The Yellow IT BURNS! Don't you know my soul is black, I can't handle such a happy bright colour! Why!!!!!
 
felix said:
Thanks for those explanations, Ceres and Greenthumb. :)
Click to expand...
everything drgreenthumb and ceres have said here is correct.

it's also a matter of fact that, between them, they've been active on bluelight for about 6 years and have made about 10,000 posts. they've obviously decided that the risk is low enough for them. their indignation is noted but it's inconsistent with their own actions.

bluelight is not hiding anything or misleading anybody and other people are free to make that choice for themselves too.

again, it will happen. it's just not happening as fast as some people might like.

alasdair
 
alasdairm said:
it's also a matter of fact that, between them, they've been active on bluelight for about 6 years and have made about 10,000 posts. they've obviously decided that the risk is low enough for them. their indignation is noted but it's inconsistent with their own actions.
Click to expand...

I also noted the above point. ;)

I am now more aware of the technical details, but have yet to figure out why I or anyone else should give a shit, bearing in mind that an "attack" as described has never actually happened on BL (to my knowledge).

BL is a big deal to us regulars, obviously, but in the grand scheme of things on the www it's fuck all, really. What are the chances anyone would actually take the time & effort to target this forum, when there are hundreds of thousands (or whatever) other ones out there?

How much money would it cost to activate this SSL anyway?
 
if you ask me BL is a huge target.

also there is just always a risk of opportunistic hacking, for any server, all day every day of the year.

given the global nature of the userbase from all walks of life, some people may be more at risk than others.

see examples such as https://en.wikipedia.org/wiki/FinFisher

https://en.wikipedia.org/wiki/Hacking_Team

these are commercial products sold to governments and police forces that exploit things like I outlined in my post earlier

I don't want to labour the point though, as I said I've brought it up before.
 
Status
Not open for further replies.
Top