NamePros now uses HTTPS

[Paul]

We've been slowly adopting HTTPS over the past few weeks. For those of you who don't know, HTTPS, often known by the name SSL, is a means of securing the connection between your web browser and our web servers. That way, people can't as easily intercept passwords, financial details, and other sensitive information. Depending on your browser, you may notice that a lock icon appears and part of the URL in your address bar turns green when you're on NamePros.

If you notice that any images, links, or functionality has broken as a result of this change, please let me know.

Technical Information

Our entire site now offers:

• TLS/SSL for secure web connections
• HTTP Strict Transport Security (HSTS)
• SPDY - Wikipedia, the free encyclopedia, the next-generation HTTP protocol

The first two features combined make it much more difficult for hackers--or even company networks/firewalls--to intercept your information. Pretty much every browser supports TLS, or at the very least SSL. HSTS makes it harder for hackers to trick your computer into disabling TLS/SSL without notifying you; unfortunately, most versions of Internet Explorer do not support it, but other modern browsers do.

SPDY is an enhanced web protocol largely developed by Google. It can dramatically improve web page loading speeds, especially on slow connections. It only works over HTTPS, and only the latest browsers support it, including recent versions of Internet Explorer. We hope this will improve the browsing experience of our global and mobile members. Google Chrome works very well with SPDY from my experience, but if you have an older computer, Mozilla Firefox will likely run better.

 

[Kenny]

Hi Paul,

Any way to kill the popup?

Peace,
Cy

 

[Paul]

It took me a while to figure out what you meant. I don't know of any modern browsers that still use that popup, even IE.

The popup appears when some items on the page aren't secure. In our case, this happens when people embed external images using http:// URLs instead of https://. There's not a whole that we can do about this. We could theoretically download all such images and host them ourselves, but that could lead to some legal problems.

Looking at other large forums that also use HTTPS, there doesn't seem to be a good server-side solution. The best I can do is tell you to upgrade your web browser, but I don't think you want to do that. It's worth noting, though, that the web is continually evolving, and websites are constantly dropping support for old browsers. We try to be conservative on that front, but there's only so much that we can do without hindering functionality for other users, I'm afraid. Only a small percentage of NamePros visitors use Internet Explorer, and most of them use a recent version.

What version of IE are you using, assuming it's IE? I'll take note of it going forward.

---------- Post added at 05:06 PM ---------- Previous post was at 04:46 PM ----------

Hey, Cyberian, look what I found

Disable Mixed Content Warning in Internet Explorer

 

[Kenny]

Thanx brah, mo betta now.

Peace,
Cy

 

[DU]

Did this cause Tapatalk to stop working (it shouldn't have) but since around this time it hasn't worked which accounts (in part) for my lack of participation lately.

I tried resetting the forum on the tapatalk app on my phone but won't work as "guest" either.

Cheers.

 

[Eric Lyon]

Did this cause Tapatalk to stop working (it shouldn't have) but since around this time it hasn't worked which accounts (in part) for my lack of participation lately.

I tried resetting the forum on the tapatalk app on my phone but won't work as "guest" either.

Cheers.

We were actually just talking about tapatalk the other day. As we move forward we'll be looking into tapatalk to see if they provide any 2014 update support as well as alternatives. Not sure yet how that's going to play out, but from what I understand / been told, tapatalk technology is outdated and requires lots of support to get it current with today's technology.

We'll see how things play out as we move forward, We are definitely looking more into better support for mobile technology though.

Eric Lyon

 

[DU]

We were actually just talking about tapatalk the other day. As we move forward we'll be looking into tapatalk to see if they provide any 2014 update support as well as alternatives. Not sure yet how that's going to play out, but from what I understand / been told, tapatalk technology is outdated and requires lots of support to get it current with today's technology.

We'll see how things play out as we move forward, We are definitely looking more into better support for mobile technology though.

Eric Lyon

What do you mean that tapatalk is outdated? I thought it had just been upgraded. (I don't know - I'm just a user).

But are you saying that there is not a mobile solution that NP is using? This is really quite inconvenient as the site is hard to use directly on my phone without the App - though Johname's nifty signature helps

Are there any mobile options that you are considering? This is a big deal for me. I'd be willing to buy an alternative - perhaps you should brand your own special NP mobile app... that would be a revenue driver right there.

 

[Paul]

DU, proper mobile support is in the works. It'll be some time before it's ready, but we're actively developing that and related featuresets.

An answer on Stack Overflow explains very briefly why Tapatalk is problematic; it's about the Chrome extension--which was removed from the Web Store for being outdated--but the mobile version uses the same protocol. While its functionality may seem appealing, it's a poorly designed application, with no effort to provide security or privacy. It's what we programmers like to call a hackjob.

 

[DU]

DU, proper mobile support is in the works. It'll be some time before it's ready, but we're actively developing that and related featuresets.

An answer on Stack Overflow explains very briefly why Tapatalk is problematic; it's about the Chrome extension--which was removed from the Web Store for being outdated--but the mobile version uses the same protocol. While its functionality may seem appealing, it's a poorly designed application, with no effort to provide security or privacy. It's what we programmers like to call a hackjob.

That link simply says that Tapatalk is problematic because it posts a request to a folder that isn't there (but is there if tapatalk is enabled)? That's a big deal?

Doesn't seem like an issue. I was looking forward to reading about security and privacy issues

I read their privacy policy and didn't see any major alarms:

http://tapatalk.com/privacy.php

I have never seen anything that risks my security- I've read a few things server side that have been corrected. What are the concerns you've read? I'm genuinely interested.

The larger issue seems to be with forums not liking the direction of the app in terms of monetization: it's my forum, my traffic, my place to control ads, etc. Also there is some bypassing of spam filters, and google analytics which they don't like. I don't run a forum so I can't see how many errors get logged day to day (one may be that you can see a ban user button which fails if you try it..lol)

You haven't said any of those specifically so I'll take it at face that there are security concerns.

I look forward to your mobile solution. In the mean time I'll continue to be here less and less - simply because I can't use the forum on my phone and that's the larger part of my access from day to day!

Thanks for the answer, I appreciate it. I am curious to know if anyone else uses Tapatalk though - I would be surprised if I was the only one.

 

[Paul]

Personally, I find it a bit naive for sites to see Tapatalk as a monetization issue, though there are certainly many that do. The problem is that the request is made to a page without knowing whether or not it's valid or intended to be fed to the application. It could end up retrieving information designed to exploit Tapatalk. The program should really look for some sort of signal before making such requests, indicating that the site supports Tapatalk.

This isn't really as much of a problem as it used to be when Tapatalk was just a browser plugin, but it caused people to look into this "mysterious" application that was making random requests to web servers. It's not the worst code I've seen, but it's certainly not something I'd want running on my phone.

As far as I know, though, nobody is actively exploiting Tapatalk. I don't know if anyone has tried.

 

[DU]

The problem is that the request is made to a page without knowing whether or not it's valid or intended to be fed to the application. It could end up retrieving information designed to exploit Tapatalk.

How would any remote app know any fetched page is valid before fetching it unless it controlled the source?

Taken to the extremes - my browser doesn't know whether the page is valid either

The program should really look for some sort of signal before making such requests, indicating that the site supports Tapatalk.

I thought that was the complaint in the link you referred to? That it checked for mobiquo as some "mysterious" app?

I guess they could run everything through their own authentication/setup server but you would still face the same issues plus more - perhaps this is why we need a NP branded forum app so we know it's top notch and will work.

Can you make that #1 priority

 

[Eric Lyon]

@DU We've re-enabled Tapatalk for NamePros. You'll need to add our new profile in the Tapatalk app; search for "NamePros" to get started.