Author Topic: Site-Wide SSL is here (kinda)  (Read 398 times)

Conan

  • Postcount killed Trogdor
  • *****
  • Posts: 844
  • E-points: +44/-12
  • \(_o)/
    • View Profile
Site-Wide SSL is here (kinda)
« on: September 19, 2016, 05:21:02 am »
For years there have been promises made of site-wide SSL. FurAffinity has had their SSL certificate since May 2010. Following the hack earlier this year, this message was tweeted out:

May 26
FA is currently testing site-wide SSL, and plan to deploy it to the site as soon as we're able.

On August 18th, site-wide SSL was still "in testing". That is a little over three months of "testing" something that most competent system administrators can set up in an afternoon, with a couple of breaks. This was posted on the same day a Twitter user revealed that you can intercept FA notes on shared WiFi.

Fast forward to August 23rd...
We've implemented enhanced site-wide SSL. You can enable it via the Account Settings page.

This tweet was also the only mention of this new feature. The last site notice to be sent out had to do with FAU on July 14th. I'm not sure what makes it "enhanced", but this is the first time I've ever heard of SSL being a thing you need to opt-in to. I suppose this way they can protect their valuable "resources" from being used while blaming users for any data breaches that may occur due to the use of a unsecured connection.