Those intimidating AND misleading little "Locked Boxes" - Green OR otherwise!

There are 9 replies in this Thread. The last Post () by CruiseJunki.

  • How many of you on this forum have ever taken notice of the Lock Icon - or other icons - positioned to the left of the URL

    in the address bar of the site you are visiting?


    My partner and I are working on our new website / forum project - and extremely few people know about it -

    (which actually as it tuns out is a good thing for now at least).

    WHY?


    Because of those symbols (icons) which appear next to the URL of the website name in the address bar.

    They can be "great" for some website / forum owners, but very damaging for others!

    My partner and I "fit in" the latter mentioned.


    We have recently looked at our first entry, e.g., pointing our browsers towards the "welcome" page of our new project.

    No matter which browser we use - Microsoft Edge, Firefox, Google Chrome, or Opera - the "lock icon" or " i " - etc., etc,

    which appear next to the URL is derogatory to say the least. It could not be worse if one deliberately set out to discourage people from

    visiting our site (and that is why I state above that it is a good thing practically no one knows about us, yet).


    Even though we invested in an SSL Certificate, it is of no value - because the certificate is of a "grade" lowest available, apparently.

    Yesterday I had a conversation with Tech Support at ENOM.com (an affiliate of Two Cows). They are one of the largest sellers of

    Domain Names in the U.S. - and elsewhere. They also offer MANY other things website and forum owners need in order to have

    a website/forum which will have at least some chance of being "accepted" by those individuals who are into becoming a MEMBER.


    The conversation - and information provided by the tech guy - was an eye-opener for sure!

    The conversation (and advice that came out of that conversation) left NO DOUBT that my partner and I will have to spend more

    money on "proving" we are NOT the bad guys on the block than on some of the software we will be using to offer such things as

    Audio / Video Chat for example.


    However, that is the "price" one must pay for living in a world where no one trusts anyone; a world of "hackers", "malware artists",

    virus attacks, and individuals who are potentially many times more often now to commit "cyber crimes" than to do a "good deed".


    However, my partner and I have "gone beyond the point of no return" - might as well go the rest of way.

    There is a tremendous competition awaiting anyone who ventures into creating and establishing a website;

    and even MORE fierce competition when it comes to an individual/s who have launched a FORUM!


    Kurt and I are convinced that the only hope of making it with our forum / website project is to try and make it totally unique to anything

    else - and that pertains not only to the "theme" of the website, but to WHAT is offered in the way of "perks" to the individual/s who may

    be considering becoming a MEMBER of the Forum / website.


    If anyone is interested in the above, contact me and we will put YOU our Forum / Website "updates" list


    DJ

  • The padlock you refer to CruiseJunki is designed to indicate that there's an encrypted link between the client and the server.

    This is what SSL really means:

    "This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate."

    As you know, this forum has SSL and the question is, do users appreciate that benefit?

    One drawback is that previews of sites no longer work for sites that are not SSL. For example, the BBC is NOT SSL, so any link previews will no longer work, with just the link showing instead. In fact many news organisations are not SSL, but then if you can't trust BBC content, who can you trust?

  • The padlock you refer to CruiseJunki is designed to indicate that there's an encrypted link between the client and the server.

    This is what SSL really means:

    "This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate."

    As you know, this forum has SSL and the question is, do users appreciate that benefit?

    One drawback is that previews of sites no longer work for sites that are not SSL. For example, the BBC is NOT SSL, so any link previews will no longer work, with just the link showing instead. In fact many news organisations are not SSL, but then if you can't trust BBC content, who can you trust?

    Kim Jung Un.

  • The padlock you refer to CruiseJunki is designed to indicate that there's an encrypted link between the client and the server.

    This is what SSL really means:

    "This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate."

    As you know, this forum has SSL and the question is, do users appreciate that benefit?

    One drawback is that previews of sites no longer work for sites that are not SSL. For example, the BBC is NOT SSL, so any link previews will no longer work, with just the link showing instead. In fact many news organisations are not SSL, but then if you can't trust BBC content, who can you trust?

    Hello Splinter,


    Yes, I know what SSL is designed for (or supposed to accomplish).


    Unfortunately most SSL Certificates issued by Hosting Providers (OR even some Domain Name Sellers) are not holding up to what they are designed for.

    Many are "basic grade" SSL Certificates - and there is a very good reason why this is so:

    Because EV Certificates are VERY EXPENSIVE TO PURCHASE.

    AND, they require extensive application processes for the individual applying for a TRUE EV Certificate.


    Firefox began the "push" in the direction of EV Certificates; and Microsoft came in right behind them with their own. However purchasing an EV from

    Microsoft only works on Microsoft Browsers like Microsoft Edge. In other words, if a website owner OR forum owner has visitors coming to their site

    by way of a DIFFERENT BROWSER (other than Microsoft), purchasing that EV from Microsoft is a total waste of money.


    My conversation with an SSL Certificate Specialist the other day from ENOM provided me a more comprehensive view of SSL Certicates and

    EV Certificates than I have ever encountered from any other source.

    In addition, after speaking with him, I went to several Hosting Provider Sites (including my own Hosting Provider), and several sites like ENOM.

    I clicked on THEIR website info icon next to their URL: ALL OF THEM HAD INSTALLED SPECIALIZED SSL GRADE EV CERTIFICATES.


    I haven't included here with this Post the info that comes up when clicking on the ICON of the website / forum I and my buddy are presently working on, but in FOUR BROWSERS I used yesterday to connect to our website, ALL had extremely negative remarks connected with

    the website status as relates to "safe site"; not safe; No encryption; "browsing this site may leave you open to hackers"; and several other remarks

    that would scare off just about any sane and intelligent individual who was considering Membership Registration in our site!


    And that brings me to your comment: " ... do users appreciate that benefit?" (SSL)

    Well Splinter, I can only rely by saying this:

    The "push" is on in web surfing and web surfers to make things as "safe" as possible for one's Customers, Members, and in general, those precious

    first time Visitors to one's site.


    The web-surfing PUBLIC is becoming more and more aware of all the 'horrible' dangers -

    (and dangerous cut-throats and vicious criminals) -

    lurking somewhere "out there", just waiting for the opportunity to get into their

    private info, credit card information, bank accounts, etc., etc.

    -------- and in some cases maybe even activating paranoia regarding personal matters on the "home front" !


    Of course, if one has the popularity, "U.S. congressional like" power of influence, and accomplished membership numbers that are

    into the millions of members - BEFORE the web surfing scare tactics became popular- then I guess it doesn't matter much.


    But I am not a "Zuckerberg type", or CEO of a prominent phone manufacturer; I (and this includes my buddy) are just poor little peasants trying to

    convince people that our site website and forum will NOT destroy one's life if they choose to become a Member!


    DJ

  • UPDATE FOR WHOMEVER MAY BE INTERESTED:


    It took awhile but I finally was able to secure the "Green Padlock" on ALL pages of my website - accomplished in significant part by the help given me

    by the Hosting provider for the website and forum. I would never consider anyone else than whom I presently host with.

    I know for a fact that GoDaddy (and at least two other hosting companies I have dealt with since 2003)

    would have NEVER extended to me the technical help that 247-Host.com have given me.


    As for SSL Certificates in general:

    There is a huge difference between a generic or basic SSL Certificate and one that is "enhanced";

    and much more of a difference with regard to EV Certificates.


    Basic Certificates - regardless of the company issuing them - usually only provide very basic information.


    Enhanced SSL Certificates usually provide for additional information about the person/s or (company name) who owns and/or manages

    the website or forum the SSL Certificate was issued for.


    EV Certificates are issued to companies (OR individuals sometimes); and the person, group, or business making the application for an EV Certificate

    MUST go through an extensive verification process - often taking 10 days to secure such a certificate.


    DJ

  • Sometimes I wish I'd never gone SSL actually, especially since non ssl sites no longer display previews like the BBC for instance.

    The only private details this website hold are email and IP addresses and so do news sites, most of whom are NOT SSL anyway.

    When you say: " ...... non ssl sites no longer display previews like the BBC for instance"

    I assume that you mean they do not display from your Forum / Website.


    Somewhere in the "internal settings" (for either the Woltlab software you are using for your (this forum)

    and / or in the software from cls Design)

    there is a setting which can be changed so that you will no longer have this problem.


    I know this because when I first selected phpBB software to run on my "forumlite website" - [I now use SMF] -

    I had a problem with even logging into the ACP because of forcing "https" rather than using "http" for my forum.

    When the tech guys at my hosting provider changed the port setting, the problem went away.


    I don't know the technical reason for this, and I cannot tell you where to find the setting in YOUR forum/website (and most certainly not

    where such a setting revision can be had in Woltlab software)

    but once that setting is "adjusted" for you using https instead of http, the problem you are experiencing will be resolved.


    DJ

  • Before I went SSL/HTTPS sites like the BBC would display a Facebook style preview of the link, but since the BBC is not considered secure, only the link will show and no preview.

    I'm not sure if that can be circumvented.

    Splinter, I honestly don't know in particular whom you can get to fix this for you (I can't ask my hosting provider because they have thousands of customers to help; and I am sure they would NOT appreciate it I asked them to help a "non-customer"); however, if a software / computer / website tech guy knows what he is doing, he can make the "adjustment" to the setting/s in your website which will make this work for you. It is not that difficult for someone who knows what they are doing!


    Why not ask the guy at cls-Design AND Woltlab?

    If they don't want to get involved or if they "claim" they know nothing about it (which is probably hogwash on their part), you can always "farm out" to an experienced tech guy.


    One of the best independent places to enlist (advertise for tech aid) is: [I will come back and fill in here as I can't remember their name right off hand].

    UPDATE:

    Upwork - Hire Freelancers & Get Freelance Jobs Online

    https://www.upwork.com/



    DJ