You would have thought...

Discussion in 'Feedback & Help' started by Scottishgifts4u, Oct 22, 2017.

  1. Darren C

    Darren C Guest

    0 0
    Counter example: one site was getting 1200 page views a day consistently and suddenly dropped to 500. The cause was an improperly configured intermediate certificate. The result was a google warning on 'mobile only' that I was oblivious too since the desktop site had no warning.

    Fixing this brought the traffic back to normal.

    So you could be missing out on loads more pointless emails.
     
    Posted: Oct 23, 2017 By: Darren C Member since: Jan 1, 1970
    #21
  2. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    4,773 1,337
    They are not stored in plain text and are all encrypted
     
    Posted: Oct 23, 2017 By: Ian J Member since: Nov 6, 2004
    #22
  3. ffox

    ffox UKBF Regular Free Member

    1,138 197
    Edge hides the http/https part of the URL in the address bar, substituting padlock icon on every https site. No padlock = no https.

    Move focus to the address bas and it will display the full URL
     
    Last edited: Oct 23, 2017
    Posted: Oct 23, 2017 By: ffox Member since: Mar 11, 2004
    #23
  4. fisicx

    fisicx It's Major Clanger! Staff Member

    29,289 8,629
    Yes, but my mum and dad and most other people won't know to do this. and many have no idea what the padlock means.

    Very few people use the address bar for anything. I was with someone the other day and I gave them the URL. They went to google, typed in the URL (with www) and clicked on the search result.
     
    Posted: Oct 23, 2017 By: fisicx Member since: Sep 12, 2006
    #24
  5. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    4,773 1,337
    I thought it meant that you will get locked up if caught on that site
     
    Posted: Oct 23, 2017 By: Ian J Member since: Nov 6, 2004
    #25
  6. ffox

    ffox UKBF Regular Free Member

    1,138 197
    That's the point @Clinton is making. Most people don't know what the symbols mean, most people don't know what HTTP/HTTPS means.
    Across the globe most people access the Internet via a smart phone and have little or no interaction with a URL. Clinton believes that these lost souls should bear the responsibility for accessing/or not accessing unsafe sites.
    I would suggest that site owners can be and should be more proactive - come on UKBF, get your finger out.

    Just my opinion o_O
     
    Posted: Oct 23, 2017 By: ffox Member since: Mar 11, 2004
    #26
  7. Clinton

    Clinton UKBF Big Shot Full Member

    3,505 1,162
    Great opinion And very noble to want to protect people.

    But misguided.

    Large organisations, like governments (and US corporations like MS and Facebook), have a vested interest in keeping us tech-ignorant. The more ignorant we are, the more they can control us ...and/or fleece us.

    I don't mean this as a personal attack on you. Despite the fact we've clashed often, I believe you're a decent chap with his heart in the right place. :)

    But the organisations and administrations that pull the strings want to keep us stupid. You should read Dumbing Us Down (the hidden curriculum of school) by John Gatto. The establishment seeks to control and uses the education system to deliver what the likes of MS, Google etc want them to deliver.

    Remember all the educational discounts for MS Office in the nineties and noughties? For a whole generation of school kids, IT in school was just about learning Word, Excel and Access, That wasn't by accident. It was a collaborative effort to groom tomorrow employees and business owners into blind loyalty towards a certain brand.

    Control.

    Google works closely now with many schools and in those schools every new pupil is automatically signed up with a Gmail account. They aren't told any T&Cs. They aren't told that Google is building a profile on them and that though Google can't advertise to them now Google will save that profile data for when they are adults. They are not given the choice of opting out of having a GMail account.

    There's a word for that: Grooming.

    We've been manipulated in so many ways other ways, it's crazy. You think it's an accident that Paypal and Apple change their terms every 15 minutes and present us with a 40 page legal document to read and accept? No, they're working towards a gradual wearing away of common sense.

    It's to condition you and me and make us blind to small print.

    If it's a brand we recognise then we must just click "Agree". There's no point reading anything because if it's Google or MS or Amazon then they've got our backs - we can trust them.

    We should trust them! That's the normal thing to do!

    Count me out of this madness. I'm not a fan of keeping people tech-dumb. The people you refer to are not "lost souls". They are people who've been deliberately and systematically misled and manipulated. We need to stop helping in this exploitation.
     
    Last edited: Oct 23, 2017
    Posted: Oct 23, 2017 By: Clinton Member since: Jan 17, 2010
    #27
  8. ffox

    ffox UKBF Regular Free Member

    1,138 197
    and

    I agree with both of your statements above. Those with no interest in self protection will not learn. Allow them to get burned and they still will not learn. Schools and other institutes of learning are not equipped to teach IT. The subject moves too fast for them to keep up.

    The most reliable source of user protection is the IT industry, only those in that industry are capable of keeping up with the speed of development.
    Currently 40% of global IT usage is via Android devices, in the developing world most of these are mobile phones. This is a growing trend.
    If the users can't or wont learn and refuse to turn away from the tremendous resource that is the Internet, those providing Internet services will need to protect them from the worst excesses. If some service providers fail in this users will turn to other providers who do offer some security.

    Nothing altruistic in that. Just common business sense. :)
     
    Posted: Oct 23, 2017 By: ffox Member since: Mar 11, 2004
    #28
  9. Clinton

    Clinton UKBF Big Shot Full Member

    3,505 1,162
    Then we let evolution take care of them!

    If an grown adult wants to jump off cliffs, there's only so much you can do to protect him. Unless you lock him up permanently he's going to find a cliff and attempt to prove that gravity doesn't exist.

    LOL. The IT industry has no interest in the man on the street being tech savvy, there's no money in it for them. Their idea of protection is for us to pay them protection money. They have a vested interest in keeping us dumb and keeping us clicking on the "Agree" button at regular intervals.

    That's not "business". That's exactly the exploitation I described earlier.
     
    Posted: Oct 23, 2017 By: Clinton Member since: Jan 17, 2010
    #29
  10. ffox

    ffox UKBF Regular Free Member

    1,138 197
    Then we must agree to disagree.
     
    Posted: Oct 23, 2017 By: ffox Member since: Mar 11, 2004
    #30
  11. UKSBD

    UKSBD Not a real duck Staff Member

    8,791 1,664
    If a Government agency did what the Likes of Google and Facebook did their would be uproar.

    We don't mind Google being able to pinpoint exactly where we are at any given time, imagine if the Government wanted us to have devices that did the same.

    We have a generation now that just click and agree to anything without knowing what they are ageing to.
     
    Posted: Oct 23, 2017 By: UKSBD Member since: Dec 30, 2005
    #31
  12. fisicx

    fisicx It's Major Clanger! Staff Member

    29,289 8,629
    If that were the case we wouldn't have endless data breaches, insecure IoT devices and no more malware.
     
    Posted: Oct 23, 2017 By: fisicx Member since: Sep 12, 2006
    #32
  13. Mr D

    Mr D UKBF Legend Free Member

    10,119 1,063
    And governments want access to what people are doing with apps.... all in the name of keeping the sheep safe of course.
     
    Posted: Oct 23, 2017 By: Mr D Member since: Feb 12, 2017
    #33
  14. Mike Hayes

    Mike Hayes UKBF Enthusiast Full Member

    817 197
    The text you quoted wasn't talking about UKBF but websites in general.

    For the record, I do not believe UKBF would store or logs passwords in plain text. However I would be interested to know how you can prove that's the case, unless you have access to their servers to examine everything? :)

    And that was my point in supporting Clinton's argument - just because a password is transmitted over HTTPS, it doesn't mean the data is secure once the HTTPS connection is terminated on the other side. You don't know what happens with it. You can take an educated guess, knowing for example that UKBF runs XenForo and its default behaviour is to hash passwords but you cannot be 100% sure unless you have access to their servers.

    So the point being: always use a unique password for each website, even if you're connecting over HTTPS. This is part of the reason browsers are removing the "Secure" label for HTTPS connections (making HTTP "Not secure" and removing the HTTPS label).

    Edit - to add to my point, the internet is all about trust but even if you trust UKBF to hash your password, you shouldn't rule out situations such as an intruder being sat on their server intercepting the password before it's hashed. HTTPS doesn't resolve those cases.
     
    Last edited: Oct 23, 2017
    Posted: Oct 23, 2017 By: Mike Hayes Member since: Jan 7, 2016
    #34
  15. Clinton

    Clinton UKBF Big Shot Full Member

    3,505 1,162
    So.... are you going to put us out of our damned suspense and tell us whether you repaired cars?
     
    Posted: Oct 23, 2017 By: Clinton Member since: Jan 17, 2010
    #35
  16. ffox

    ffox UKBF Regular Free Member

    1,138 197
    Quite so. But, can you suggest a more reliable source of user protection, apart from full user education and local network lockdown?
     
    Posted: Oct 23, 2017 By: ffox Member since: Mar 11, 2004
    #36
  17. Mike Hayes

    Mike Hayes UKBF Enthusiast Full Member

    817 197
    Here's hoping browsers look like this when connecting over HTTP in future:

    [​IMG]

    It's funny because that description which was designed for websites on Google's malware list would read perfectly for websites running over HTTP too!
     
    Posted: Oct 23, 2017 By: Mike Hayes Member since: Jan 7, 2016
    #37
  18. UKSBD

    UKSBD Not a real duck Staff Member

    8,791 1,664
    Problem is, if messages start regularly appearing, people will just become blind to them and click through anyway.
     
    Posted: Oct 23, 2017 By: UKSBD Member since: Dec 30, 2005
    #38
  19. Mike Hayes

    Mike Hayes UKBF Enthusiast Full Member

    817 197
    True. You would need an extremely high rate of HTTPS adoption before it makes sense to deploy intrusive warnings.

    Then again, HSTS is designed to combat man-in-the-middle problems; warnings shouldn't be necessary if website operators implement HSTS - I take back my previous post :)
     
    Posted: Oct 23, 2017 By: Mike Hayes Member since: Jan 7, 2016
    #39