Why does google want us to be on https ? - GoFuckYourself.com

KillerK · 01-05-2015, 09:49 PM

Can someone please share why they want us to be https?

pornmasta · 01-05-2015, 09:53 PM

Quote:

Originally Posted by KillerK

Can someone please share why they want us to be https?

because the nsa can handle its decryption but not its competitors

sandman! · 01-05-2015, 10:44 PM

Quote:

Originally Posted by pornmasta

because the nsa can handle its decryption but not its competitors

Barry-xlovecam · 01-05-2015, 10:55 PM

To eliminate all of the thin content sites that cannot afford the expense and effort to install HTTPS (TLS) certs.

HTTPS is worthless on 90% of websites -- they are not interactive or used in personal data processing ... Header requests (creating user logs) are made in plaintext to HTTPS addresses.

If fully implemented, they will have to find something else for Matt Cutts to do

PaperstreetWinston · 01-05-2015, 11:33 PM

Quote:

Originally Posted by pornmasta

because the nsa can handle its decryption but not its competitors

like he said

Arnox · 01-05-2015, 11:36 PM

Quote:

Originally Posted by Barry-xlovecam

To eliminate all of the thin content sites that cannot afford the expense and effort to install HTTPS (TLS) certs.

HTTPS is worthless on 90% of websites -- they are not interactive or used in personal data processing ... Header requests (creating user logs) are made in plaintext to HTTPS addresses.

If fully implemented, they will have to find something else for Matt Cutts to do

I don't think Matty boi has been at G for a year or so now.

PAR · 01-05-2015, 11:48 PM

Quote:

Originally Posted by Arnox

I don't think Matty boi has been at G for a year or so now.

https://www.mattcutts.com/blog/on-leave/

He is still with google, he did take a "leave" but is still with google..

I'm not sure the full goal behind google and HTTPS...

I have read that it is to mane the internet a little more secure, but with a growing popularity of HTTPS. It has led to HTTPS becoming a chosen vector for malware attacks.
In other words, the secure socket layer is no more secure.

Barry-xlovecam · 01-06-2015, 12:06 AM

Matt's just wearing Google clown shoes ...

But this HTTPS reasoning is faulty at face level ...

KaliC · 01-06-2015, 12:56 AM

I would wait a couple months before putting any weight in this.

Freedom6995 · 01-06-2015, 05:04 AM

Quote:

Originally Posted by Barry-xlovecam

To eliminate all of the thin content sites that cannot afford the expense and effort to install HTTPS (TLS) certs.

HTTPS is worthless on 90% of websites -- they are not interactive or used in personal data processing ... Header requests (creating user logs) are made in plaintext to HTTPS addresses.

If fully implemented, they will have to find something else for Matt Cutts to do

Free certs here https://www.eff.org/deeplinks/2014/1...ypt-entire-web

seeandsee · 01-06-2015, 05:07 AM

NSA want to be only to access that communication, end

Barry-xlovecam · 01-06-2015, 06:48 AM

Quote:

Originally Posted by Freedom6995

Free certs here https://www.eff.org/deeplinks/2014/1...ypt-entire-web

Tell that to people that operate over 1000 domain networks.

Quote:

[i]ncluding account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites....

That's mostly a crock of shit ... HTTPS (TLS) just encrypts data -- it doesn't change or filter data -- just encrypts the data from the browser to the server and back to the browser from the server. If an embedded iframe with an exploit is on a HTTPS server it will not raise an HTTPS exception -- both servers are HTTPS and a registered HTTPS Cert exists within a browser recognized issuing repository.

So, the "villains" fake register their domains and get their certs (for free!!!) YEAH! we are safe - LMFAO.

Will these free certs be *.wildcard certs or domain specific? All sub domains (including mail, ftp, www) are considered separate domains for HTTPS certs, unless the are wildcarded and each certificate has to be installed on the server. The certs need to be re-installed on upgraded (not updated) server os installs.

Also, the NSA has reportedly broken HTTPS encryption
NSA-Documents: Attacks on VPN, SSL, TLS, SSH, Tor - SPIEGEL ONLINE

This whole HTTPS thing is a Google scam and maybe a NSA trap ...

PAR · 01-09-2015, 10:00 AM

Quote:

Originally Posted by Barry-xlovecam

Tell that to people that operate over 1000 domain networks.

That's mostly a crock of shit ... HTTPS (TLS) just encrypts data -- it doesn't change or filter data -- just encrypts the data from the browser to the server and back to the browser from the server. If an embedded iframe with an exploit is on a HTTPS server it will not raise an HTTPS exception -- both servers are HTTPS and a registered HTTPS Cert exists within a browser recognized issuing repository.

So, the "villains" fake register their domains and get their certs (for free!!!) YEAH! we are safe - LMFAO.

Will these free certs be *.wildcard certs or domain specific? All sub domains (including mail, ftp, www) are considered separate domains for HTTPS certs, unless the are wildcarded and each certificate has to be installed on the server. The certs need to be re-installed on upgraded (not updated) server os installs.

Also, the NSA has reportedly broken HTTPS encryption
NSA-Documents: Attacks on VPN, SSL, TLS, SSH, Tor - SPIEGEL ONLINE

This whole HTTPS thing is a Google scam and maybe a NSA trap ...

All true, if it wasn't then the current tread in malware to target https would not even be possible.
As for the NSA, also true, They also have their hands on a new quantum computer that in a few years in theory would be able to unlock just about anything...

KaliC · 01-13-2015, 12:54 AM

Quote:

Originally Posted by PAR

All true, if it wasn't then the current tread in malware to target https would not even be possible.
As for the NSA, also true, They also have their hands on a new quantum computer that in a few years in theory would be able to unlock just about anything...

I never understood this, most security blocks any systems trying to crack a password. Not matter how much power if the IP is blocked after 5 fails and there is a million differant options that would take a 200k IPs.

fappingJack · 01-13-2015, 02:58 AM

Nice discussion following this thanks

Barry-xlovecam · 01-13-2015, 06:34 AM

Quote:

Originally Posted by KaliC

I never understood this, most security blocks any systems trying to crack a password. Not matter how much power if the IP is blocked after 5 fails and there is a million differant options that would take a 200k IPs.

The traffic (packets) is intercepted and stored to be encrypted before they reach the destination server -- then the process could be reversed intercepting the traffic (packets) containing the response to the client.

Security software on a server would be meaningless -- this is not a password cracking attack -- it is a traffic (packets) interception.

Anyone sophisticated would just encrypt text communications with very long random passwords. So, either terrorists and criminals are very stupid or a lot of this is intentional disinformation leaked. There are inconsistancies

from http://www.spiegel.de/media/media-35534.pdf

Code:

%PDF-1.3
%âãÏÓ
1 0 obj
<<>>
endobj
2 0 obj
<</Pages 3 0 R /Type /Catalog>>
endobj
3 0 obj
<</Count 16 /Kids
  [4 0 R 9 0 R 14 0 R 19 0 R 24 0 R 29 0 R 34 0 R 39 0 R 44 0 R 49 0 R
  54 0 R 59 0 R 64 0 R 69 0 R 74 0 R 79 0 R]
  /Type /Pages>>
endobj

VIM - Vi IMproved
version 7.4.52
by Bram Moolenaar et al.
Modified by [email protected]
Vim is open source and freely distributable

Quote:

History Documentation of PDF version 1.3 was published in July 2000 in association with the release of Acrobat version 4. PDF 1.4 was published in November 2001, and corresponds to Acrobat version 5.

PDF_1_3, PDF Versions 1.0-1.3

So, we are to believe that this document was made on Acrobat 4 on February, 2012 (the date is 1/2 horizontally obscured)? Does that all seem a little strange to you? This raises a lot of red flags with me.

I have found other inconsistencies in some of these Snowden leaked documents so far too. I am skeptical of all of this from what i have seen ...

TobySwan · 01-13-2015, 07:41 AM

wait abit before worrying about it

slapass · 02-28-2015, 09:41 AM

So did this go away?

DraX · 02-28-2015, 09:48 AM

So what's the future deal of this, should you get HTTPS on your site even though you don't need it technology wise?

Yes it's a question, im wondering....

Is there really any favors google wise? If there's not, then this can be thrown in the toilet as long as you don't run a shopping website or any other kind of site that SHOULD have the encryption.

Yes that's my 2nd question.

Harmon · 02-28-2015, 09:53 AM

Quote:

Originally Posted by KaliC

I would wait a couple months before putting any weight in this.

I wouldn't.

Make your sites responsive. Get your certificate. Shit is about to hit the fan. get in early, profit. Trust is huge to the end user. Google knows that. This will make the end user trust Google even more. Their results will all be SSL. Given time? The surfer will realize that they shouldn't trust a site without it.

Google WILL make a PR when they are ready to go whole hog. It will NOT be on Baddog's website, nor GFY. They will educate the consumer about information exchange. It doesn't matter if you have a signup form or not. They want EVERY page to be that way. I kind of like it.

Don't come back to this thread saying I didn't tell you so.

CPA-Rush · 02-28-2015, 10:01 AM

to protect you more against middle man attacks

anexsia · 02-28-2015, 12:27 PM

Quote:

Originally Posted by Barry-xlovecam

To eliminate all of the thin content sites that cannot afford the expense and effort to install HTTPS (TLS) certs.

Services like Cloudflare offer free SSL and a new service by the EFF will be offering free certs this summer...not to mention you can also buy certs for $4/year.

klinton · 02-28-2015, 07:57 PM

if you would read this article carefuly, you would know that mostly attacks on encryption are "succesfull" because of : a) stolen keys b) wrong implementation c) man in the middle

nothing more, mathematic still works

Quote:

Originally Posted by Barry-xlovecam

Also, the NSA has reportedly broken HTTPS encryption
NSA-Documents: Attacks on VPN, SSL, TLS, SSH, Tor - SPIEGEL ONLINE

This whole HTTPS thing is a Google scam and maybe a NSA trap ...

AdultKing · 02-28-2015, 08:39 PM

Quote:

Originally Posted by Harmon

Make your sites responsive. Get your certificate. Shit is about to hit the fan. get in early, profit. Trust is huge to the end user. Google knows that. This will make the end user trust Google even more. Their results will all be SSL. Given time? The surfer will realize that they shouldn't trust a site without it.

Precisely.

The two most urgent things that old school webmasters need to do is update their sites to be responsive and implement SSL.

Implementing SSL is not difficult and you don't even have to get a certificate, just use Cloudflare.

Mobile is big now and it's getting bigger all the time. Some of my sites have more than 65% of visitors coming on mobile devices. People really need to get their sites updated. I know I still have dozens of legacy sites which aren't mobile friendly, they'll suffer as a result.

01-05-2015, 09:49 PM	#1
KillerK Confirmed User Join Date: May 2008 Posts: 3,406	Why does google want us to be on https ? Can someone please share why they want us to be https?

01-06-2015, 12:56 AM	#9
KaliC Sexy Beast Industry Role: Join Date: Jan 2005 Posts: 617	I would wait a couple months before putting any weight in this. __________________ AdultWebHosting.com

01-06-2015, 05:07 AM	#11
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	NSA want to be only to access that communication, end __________________ BUY MY SIG - 50$/Year Contact here

01-13-2015, 07:41 AM	#17
TobySwan Registered User Industry Role: Join Date: Jan 2015 Posts: 91	wait abit before worrying about it __________________ tobyswan CSS3 \| HTML5 \| Design \| Wordpress \| Tubes ICQ: 677-971-646 E: [email protected] SKYPE: toby.swan1

02-28-2015, 09:48 AM	#19
DraX Confirmed User Industry Role: Join Date: Oct 2002 Location: In wonderland.. Posts: 7,147	So what's the future deal of this, should you get HTTPS on your site even though you don't need it technology wise? Yes it's a question, im wondering.... Is there really any favors google wise? If there's not, then this can be thrown in the toilet as long as you don't run a shopping website or any other kind of site that SHOULD have the encryption. Yes that's my 2nd question. __________________ Deposit Today With BTC - Play With Bitcoins

01-05-2015, 10:55 PM	#4
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	To eliminate all of the thin content sites that cannot afford the expense and effort to install HTTPS (TLS) certs. HTTPS is worthless on 90% of websites -- they are not interactive or used in personal data processing ... Header requests (creating user logs) are made in plaintext to HTTPS addresses. If fully implemented, they will have to find something else for Matt Cutts to do

01-06-2015, 12:06 AM	#8
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Matt's just wearing Google clown shoes ... But this HTTPS reasoning is faulty at face level ...

01-13-2015, 02:58 AM	#15
fappingJack So Fucking Banned Industry Role: Join Date: Dec 2014 Location: somewhere down the road Posts: 2,172	Nice discussion following this thanks

02-28-2015, 09:41 AM	#18
slapass Too lazy to set a custom title Join Date: Nov 2002 Location: Earth Posts: 14,625	So did this go away?

02-28-2015, 10:01 AM	#21
CPA-Rush small trip to underworld Industry Role: Join Date: Mar 2012 Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person Posts: 4,927	to protect you more against middle man attacks __________________ automatic exchange - paxum , bitcoin,pm, payza . daizzzy signbucks caution will black-hat black-hat your traffic ignored forever :zuzana designs {firefox- remove some posters \|skills#1\|skills#2\| email >[email protected] } ツ