On the Optional Use of Secure HTTP
6 years ago
Very quick journal because it's bugging me:
I've noticed some people seem to believe that having opt-in HTTPS for FurAffinity is acceptable. As a software developer working full time, let me put forth an analogy:
Imagine a hotel where you need to state your name and a secret phrase verbally at the door to enter as a paying guest. The hotel has the option to put this information on a secure key card so that you only have to swipe it to enter, but does not make this information abundantly clear. They also claim that their key card system is outdated and that it would put a strain on the staff to ensure all guests have key cards if they forced all guests to use them.
This is essentially where FurAffinity is at. It may be simple to call people who don't opt in "idiots," as I have seen people do, but I am not sure why the responsibility would fall on the uninformed user.
The above analogy also demonstrates that a perpetrator would only need to listen in on -one- guest verbally stating their name and secret phrase to gain entry to the hotel. You might then ask me, "But then how is that any different from simply creating a new account?" To which I say "that's where the analogy breaks down," but it also has to do with intent. An individual with ill intent rarely gets "access granted" right off the bat as you might see on TV. Hacking is quite often a game of incremental access, and even one user without a secure connection risks providing that first step.
TL;DR, another analogy: A tarp doesn't hold water if it has holes. This site desperately needs to update its infrastructure.
