Topic: HTTPS for chumby.com and forum

Any plans to start using HTTPS to serve the login sections for chumby.com or the forum.  I just noticed Firefox scolding me for sending my password over an unencrypted link.  I could understand problems with the device using secure connections, but for user-visible parts, I think it would be pretty easy, especially with Let's Encrypt out there.

Re: HTTPS for chumby.com and forum

it's been there.

https://www.chumby.com/account/login

we just need to update the link on the main page.

thanks for the prompt.

on forum, just hit https://forum.chumby.com

Cleaning up any loose bits and bytes.

Re: HTTPS for chumby.com and forum

Sweet!

Re: HTTPS for chumby.com and forum

This will help you stay on HTTPS pages: https://www.eff.org/https-everywhere

Tar, feathers, congress. Some assembly required.

Re: HTTPS for chumby.com and forum

I've got to say, I just don't get the "https everywhere" push.

https everywhere it's warranted.... sure, but it's just a waste of computing power (on both ends) to be encrypting the weather forecast for transmission, or cat pictures... or well "everything".

Cleaning up any loose bits and bytes.

Re: HTTPS for chumby.com and forum

I understand it may not make sense to encrypt cat pictures and weather forecasts, but the point is more about making encryption the norm instead of special case. Most people on the internet are not even aware of the "s" in https when they are on a secure site. Making https the norm helps protect those that don't know any better which in the long run helps us all.

Tar, feathers, congress. Some assembly required.

Re: HTTPS for chumby.com and forum

There's also a lot of MITM attacks; your ISP can insert adverts on the page you're viewing.  Verizon have added tracking cookies to traffic through their network.  Attackers (eg at Starbucks) could insert malware into the web page you're looking at.  I wrote a blog post about this last year; https://www.sweharris.org/post/2016-05- … webserver/

Also https can be _quicker_ than http with modern browsers; https://www.troyhunt.com/i-wanna-go-fas … advantage/