Why aren't all hentai websites (and especially some of the better ones) using https , seems pretty dumb not to.
>>4116601
Ehentai doesn't use it because majority of their images are served through a distributed client network anyone can run for one.
Also as someone who has to admin several https servers, SSL certificates are either expensive or, when they're free, pretty annoying to deal with (or both).
>>4118036
>https
>expensive
>>4116601
source
>>4118215
Bump
>>4118215
Anyone?
>>4121154
It's called fuck off to /r/ retard.
>>4121156
suace?
>>4116601
https://letsencrypt.org/ public beta should help
>>4118036
>ssl cert
>expensive
I own several of them
I also have a certified public key that I use for legally-binding digital signatures, in addition to my multiple sets of PGP keys; all stored on secure hardware
All of this is literally in the hundred-dollar range
Okayusan - School Castle
>>4116601
Contrary to popular belief, HTTPS does not prevent third parties from monitoring your traffic, just the content. Since there is little to no sensitive information in porn, it is not very practical to encrypt it.
Don't think there is a point. The man will still see that you download from known porn distribution centres, they just wont be able to tell exactly what you downloaded.
Better to use anonymising services I think.
>>4122227
>HTTPS does not prevent third parties from monitoring your traffic, just the content.
ur not making sense.
>>4122227
eh, that content includes the path so other people on your local network snooping can't tell *which* galleries on sadpanda you're visiting.
That could be important, considering.
>>4122389
People will still know what website you're visiting. Just not the user info etc.
>>4122410
if you turn off SNI they will only know the IP, and like in the case of e(x)hentai that doesn't help much unless they already know the site it belongs to
bump...
>>4125067
what for?
>>4125078
sauce?
>>4125099
Then learn to use the 4chan image search feature.
>>4125101
I got nothing from it.
>>4125116
Then take it to /r/. The situation you're in is the entire reason that board exists
For fucks sake man, this isn't rocket science.
>>>/g/
also start using https-everywhere
>>4122227
You can only see the website with HTTPS, not the path or any of the content. That's pretty important.
>>4116601
what blows my mind is ulmf doesn't use https... anywhere as far as I can tell, not for signup, not for login, wtf
I'd also really like for gelbooru to use https for non-images (you can serve an http image on an https page). That way I don't have to worry about my query leaking. The truth is nobody cares if you request a certain image, for all they know you didn't know what was in it from the thumbnail, but if your query includes 'loli', a snooping 3-letter agency might get interested in you. Luckily my fetishes aren't *that* likely to get me on a list, but I'd still rather they were private...
>>4128650
> more computationally expensive
Yeah, and everyone knows that CPU power is extremely expensive these days and getting more expensive by the minute.
But in all seriousness, images are huge relative to the rest of the served content and encrypting them would incur non-trivial costs, but at least ensuring all user input (including requests for a specific gallery's page) goes over https would be a huge privacy improvement.
>>4128661
I hope you've enabled referrer blocking then, otherwise they'd still see your query in the referrer header (when you load an http pic from an https page)...
>>4116601
What's the point of https? Can someone please explain?
>>4128665
Good point, I actually didn't think of that, but the site can trivially disable sending referrers with a meta tag. Since we're hypothetically relying on them to encrypt in the first place, we can hypothetically ask them to add one tag to the html they serve.
http://caniuse.com/#feat=referrer-policy
>>4128668
Without it, your web traffic is completely transparent to anyone who cares to look, like anyone on your wifi/LAN, your ISP, etc. With https, all they can find out is the name of the site you're visiting, everything else is encrypted.
>>4128665
>>4128676
Actually, according to https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-state-no-referrer-when-downgrade
A browser *shouldn't* send referrer information from an https served page when making an http request. "This is a user agent’s default behavior, if no policy is otherwise specified."
Whether or not real browsers actually behave like this is obviously another question entirely.
>>4118036
letsencrypt.org
now you have no excuse
>>4128766
>giving a website script root access to your web server
thanks, I always wanted to run a botnet
>>4128650
>It is more computationally expensive to serve encrypted connections
Whatever, Shit's literally transparent
if you're not using it for whatever stupid reasons you can conjure up, you're basically a dumb web dev code monkey who probably thinks inlining base64-encoded images saves space and makes the page load faster
>>4128668
Without it, I could literally sit on some public wifi space and start stealing other people's cookies
>>4125130
jesus man you've said that same phrase in the past 4 threads i've been in. lighten up
>>4116601
source?
>>4131466
Okayusan.
