• Last Updated:
  • May 2nd, 2020 9:56 am
Tags:
[OP]
Deal Addict
Dec 13, 2010
1933 posts
850 upvotes
ON

RFD not secure?

I'm using Chrome. RFD is showing as not secure. HTTPS certificate broken or expired?
49 replies
[OP]
Deal Addict
Dec 13, 2010
1933 posts
850 upvotes
ON
I figured out how this happened.
I get emailed when someone replies to me.
The link in the email to see the thread specifies http, NOT https.

@TomRFD , Devs, maybe worth fixing?

And weirdly enough some emails have http, some have https
Sr. Member
User avatar
Oct 1, 2013
869 posts
837 upvotes
is anyone else getting a "not secure" rating on their browser for this website? I'm getting this on Safari and Chrome. I have tried this on several devices and they all show up as "not secure"
Images
  • Untitled.png
Deal Addict
Mar 5, 2006
1570 posts
653 upvotes
Toronto
just run the rfd url under https
Sr. Member
User avatar
Oct 1, 2013
869 posts
837 upvotes
This is so dumb. The direct link from Google to the Hot Deals forum doesn’t contain https:// and after logging in to your account on the forums page, the site kicks you out of https://. Shake my head.
Deal Addict
User avatar
Sep 10, 2005
4359 posts
1618 upvotes
GTA
Looks like RFD doesn't have HTTPS enabled by default.

Youu shouldn't follow links through email anyway. That's always a security concern because of phishing attempts. Best to go to a site directly through the address bar or a bookmark
Sr. Member
User avatar
Oct 1, 2013
869 posts
837 upvotes
Dave98 wrote: Looks like RFD doesn't have HTTPS enabled by default.

Youu shouldn't follow links through email anyway. That's always a security concern because of phishing attempts. Best to go to a site directly through the address bar or a bookmark
This is what I ended up doing. So strange that it’s not enabled by default. It’s just a pain that I have to click on my bookmark link and then search the thread I got an email alert for.
Deal Guru
Aug 14, 2007
10603 posts
1799 upvotes
Toronto
Not sure if it matters to the RFD community, but redflagdeals.com comes up as secure however in chrome when going to forums.redflagdeals.com it shows as Not Secure.

Just thought I would give a heads up in case that is something that needs to be looked in to.

EDIT: Apparently the search function failed on me when posting this.
Capture.JPG
Deal Guru
Mar 22, 2004
13040 posts
3525 upvotes
RFD
I've noticed RFD not being https by default on more than a few occasions, sometimes through searches, and sometimes I think it has to do with a particular browser.
Member
Jun 9, 2012
423 posts
271 upvotes
Vancouver
It should be on all the time to maintain privacy. There are some users here that use RFD to make purchases and without encrypting the traffic, other users on the same network could capture account credentials or whatever important private messages that are sent on RFD.
Sr. Member
User avatar
Oct 1, 2013
869 posts
837 upvotes
BigBrother0 wrote: It should be on all the time to maintain privacy. There are some users here that use RFD to make purchases and without encrypting the traffic, other users on the same network could capture account credentials or whatever important private messages that are sent on RFD.
What do you mean by encrypting traffic? VPN?
Member
Jun 9, 2012
423 posts
271 upvotes
Vancouver
dealxtremeleecher wrote: What do you mean by encrypting traffic? VPN?
HTTPS encrypts web browser traffic, typically on port 443, but can be on any port. It will only reveal to others on your local network that you connected to RFD A VPN is a way to encrypt data between two computers across the internet, typical consumers these days use VPN to redirect their traffic thru a VPN server as a way to hide their real internet connection origin (circumventing region blocks for internet services). A VPN does not encrypt your web browser traffic, so if someone from the VPN provider side decided to capture your web browsing activity for whatever reason, they might also capture login + password + sensitive messages that are sent and received on HTTP. However at least during a VPN connection, the local network will only know that you are sending traffic to the VPN, nothing else.

The only time I see HTTP to be very bad is if you are using public wifi or even work wifi as you have no control over who gets access to the local network, so some wifi user or even the wifi provider themselves can snoop around for login credentials and messages sent on HTTP. This is the only scenario where HTTP is very bad and HTTPS is necessary. A VPN could also work in such a case, but you have to trust the VPN provider isn't snooping your HTTP traffic.

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)