0
51

[–] bf 0 points 51 points (+51|-0) ago 

I'd love to upvoat this but my daily amount ran out :(

0
16

[–] BlurryScreen [S] 0 points 16 points (+16|-0) ago 

No worries :), new system new ways of doing things. Glad to provide some news to everyone.

0
20

[–] bf 0 points 20 points (+20|-0) ago 

I just realized this is going to be /r/technology except not cancer. OMG. I forgot how many subreddits used to be so fucked up. Now we can start over and form a new home.

0
7

[–] kiwikoi 0 points 7 points (+7|-0) ago 

I'm in the same situation. I used all my upvoats before realizing there was a limit. (kinda like how I hit the button before knowing what it was on that one sight we don't name)

0
2

[–] ZionistShill 0 points 2 points (+2|-0) ago 

I would up vote you, but I can't.

0
0

[–] Yofelli 0 points 0 points (+0|-0) ago 

This limit is here for the time that you submit enough material

0
4

[–] KobeInMy2Cups 0 points 4 points (+4|-0) ago 

I just learned about this when I tried to upvoat you, but then it said I reached my daily limit. Now I have to actually contribute to conversations to participate.

0
2

[–] ZionistShill 0 points 2 points (+2|-0) ago 

Yeah it just causes me to make spammy, off-topic posts such as this one hoping someone up votes me.

0
1

[–] Anenome 0 points 1 points (+1|-0) ago 

There's a daily upvote limit? What is it???

[–] [deleted] 0 points 14 points (+14|-0) ago 

[Deleted]

0
2

[–] BlurryScreen [S] 0 points 2 points (+2|-0) ago 

Yup =) I still trust my plugin/extension to force https (https everywhere) because so many sites still default to http. https should be standard at this point for any site dealing with anything that holds user information.

[–] [deleted] 0 points 2 points (+2|-0) ago 

[Deleted]

0
2

[–] Rakseri 0 points 2 points (+2|-0) ago 

0
2

[–] NotSurvivingLife 0 points 2 points (+2|-0) ago 

My only concern with HTTPS is that it further restricts random people from creating content. What with the whole "you must have a certificate signed by a certificate authority or it will scream bloody murder" thing. Especially as most web browsers consider self-signed certificates worse than no HTTPS at all.

Why it cannot be like the following I'll never know:

Browsers pin certificates. With a mechanism for a certificate to revoke itself, and a mechanism for a certificate to allow another certificate to supersede it. They'll scream bloody murder if they find a conflict. Websites have a mechanism whereby you can ask them to verify that a certificate is valid. Or rather: you ask a website that you already have a certificate for to send you the hash of a website's certificate as seen by them. On first access to a website, your browser will ask to contact a (couple) third part(y/ies) for whom you already have the certificate for, to double-check that no-one is trying to MITM you.

The biggest problem with this is the possibility of said certificate resolvers being used to DDOS people, but this can be mitigated. Among other ways, by having servers share certificates.

0
0

[–] DarkLinkXXXX 0 points 0 points (+0|-0) ago 

My only concern with HTTPS is that it further restricts random people from creating content. What with the whole "you must have a certificate signed by a certificate authority or it will scream bloody murder" thing. Especially as most web browsers consider self-signed certificates worse than no HTTPS at all.

Hopefully Let's Encrypt will change that.

0
0

[–] NotSurvivingLife 0 points 0 points (+0|-0) ago  (edited ago)

I fail to see how this is objectively an improvement in any way over a self-signed certificate, aside from the whole "current browsers don't scream bloody murder" thing (which is stupid).

0
0

[–] woofcat 0 points 0 points (+0|-0) ago 

There are a number of certificate authorities offering free SSL certificates these days. True they don't have the same browser acceptance of say Verisign but still better than self signed.

0
0

[–] NotSurvivingLife 0 points 0 points (+0|-0) ago  (edited ago)

How is that better than self-signed? In any objective way beyond "browsers don't show a scary warning"?

Those free certificate authorities add basically no security (the verification process tends to be a joke), and replace one point of failure (my server) with an entire company (and said server still). And anyone that can coerce said company. And anyone that can coerce anyone else on the certificate chain.

Oh, and let's not forget the whole "in order to revoke a certificate you have to pay money" thing that many of them try to pull.

1
2

[–] Minori6kaemon 1 points 2 points (+3|-1) ago  (edited ago)

Can someone ELI5 the difference between HTTPS and HTTP?

EDIT: Thanks for all the speedy replies!

[–] [deleted] 0 points 6 points (+6|-0) ago  (edited ago)

[Deleted]

0
1

[–] Iamoutlaw 0 points 1 points (+1|-0) ago 

Even if the traffic is encrypted, can they still see that you made a request to Wikipedia? Is it all encrypted after the connection has been established?

[–] [deleted] 0 points 2 points (+2|-0) ago 

[Deleted]

0
2

[–] NotSurvivingLife 0 points 2 points (+2|-0) ago 

...In the ideal case.

In practice you can often tell a whole lot more than just "you are visiting website <x>". Among other things, timing and the amount of bandwidth use.

Also, one of the real concerns with HTTP is not just surveillance but also modification. Ad injection, malware injection... The list goes on.

0
1

[–] NiklausTheNaked 0 points 1 points (+1|-0) ago  (edited ago)

HTTPS is the same as HTTP, except that it's encrypted. If you are using HTTP, anyone with access to your network (ex: people using the same wifi), or with access to any network between you and the website you are visiting (ex: Internet providers, governments, etc.), can snoop on what you are doing. They can see pretty much everything you do on a website. HTTPS stops this from happening.

0
0

[–] NotSurvivingLife 0 points 0 points (+0|-0) ago 

To an extent.

There are a number of vectors that HTTPS leaves open.

For instance, timing and bandwidth use.

0
1

[–] derram 0 points 1 points (+1|-0) ago 

Now if they could only do something about the corrupt editors.

0
1

[–] ur_nan 0 points 1 points (+1|-0) ago 

Why does this matter? This offers no more privacy than before as the URLs are not obscured. If someone was snooping on my session they could see the exact same page just by loading up the URL.

0
2

[–] geist 0 points 2 points (+2|-0) ago 

That's not entirely true. Only the domain is visible to snoopers -- right now, someone spying on my traffic would see that I connected to voat.co, but they wouldn't see the trailing /v/technology/comments/119182.

0
0

[–] ur_nan 0 points 0 points (+0|-0) ago 

Huh, I never knew that! That's fantastic. Do you know of any good sites where I can read up on this?

0
1

[–] RazorThyOwn 0 points 1 points (+1|-0) ago 

Sorry if this is a dumb question, but what does this mean for the average person?

0
2

[–] geist 0 points 2 points (+2|-0) ago  (edited ago)

HTTPS provides fairly strong encryption between your browser and the websites you visit. This means anyone snooping on your internet traffic won't be able to see the actual data you're sending and receiving. Posts, comments, private messages, logins, passwords, and the pages you visit are made secure from eavesdropping.

load more comments ▼ (14 remaining)