Overclock.net › Forums › Overclock.net Forum › Forum Platform Help and Discussion  › Why does OCN not have an SSL certificate?
New Posts  All Forums:Forum Nav:

Why does OCN not have an SSL certificate? - Page 2

post #11 of 18
With the recent ISP privacy thing being retracted, using HTTPS on the forums (outside of the login page) probably is a good idea when you consider that these are literally tech forums...
post #12 of 18

Hi all,

 

In recent years, the technical reasons blocking us from implementing full-site HTTPS have mostly become moot. Certificates are readily available, and even though our parent company likely wouldn't be going through Lets Encrypt or another free issuer, cost is mostly negligible. Server load at our scale (many million page views per month) also used to be more of a concern, but modern CPUs have largely rendered this negligible, as well. Google publishes numbers stating the total overhead from TLS encryption/decryption on their web frontends is about 1%, even at their massive scale.

 

So, the real reason we can't go full-HTTPS? Ad networks. Quite simply, our advertising fill rates would drop by between 50 to 60% if we went full HTTPS today, and this would be economically unsustainable. Our leadership team here is all tech savvy, and several of us are even developers ourselves in our day jobs - we're well aware of the benefits and justification for an HTTPS internet (not to mention, we'd also love to be able to take advantage of HTTP/2 for site performance). But the decision today, with the current state of the advertising industry, is one where we must decide between going full-HTTPS or closing the site's doors because it loses too much money.... and given that constraint, the choice is obvious. We don't bring in enough revenue from direct-sold ad campaigns or Overclocked account subscriptions to make up the difference, and I don't have a problem being open about this fact. At this point, its purely a financial consideration.

 

We hope that as the rest of the internet continues its march towards full-HTTPS by default, so to will the advertising networks who we rely on to pay for our operations - but that time hasn't come yet. As soon as we can make a move, we will. In the meantime, rest assured that your usernames, passwords, registration info, etc are all collected from HTTPS pages and sent back to HTTPS endpoints.

 

Thanks for the understanding.

Morpheus Mini
(7 items)
 
  
CPUMotherboardGraphicsRAM
i7-6700T SN970 GTX 960 Crucial CT102464BF160B 
Hard DriveOSAudio
Samsung 850 Evo M.2 Windows 10 Pro MOTU Audio Express 
  hide details  
Reply
Morpheus Mini
(7 items)
 
  
CPUMotherboardGraphicsRAM
i7-6700T SN970 GTX 960 Crucial CT102464BF160B 
Hard DriveOSAudio
Samsung 850 Evo M.2 Windows 10 Pro MOTU Audio Express 
  hide details  
Reply
post #13 of 18
applaud.gif
Very well put. Thank you for being so open and honest with a straight forward answer. Cheers, Chipp!
Primary
(18 items)
 
Secondary
(9 items)
 
Tertiary
(10 items)
 
CPUMotherboardGraphicsRAM
Ryzen 7 1700 ASUS Pro x370 Prime Gigabyte Windforce 1070 GSkill 3000MH C15 1.35V 
Hard DriveHard DriveHard DriveOptical Drive
Seagate 1TB (ST1000DM003 9YN162) Seagate 2TB (ST2000DM001 1CH164 Trion 150 960GB Some LG Blu-Ray 
CoolingOSMonitorMonitor
Noctua D14 Windows 7 Profession 64bit Acer V246HL Acer G245HQ 
MonitorKeyboardPowerCase
ASUS MX25AQ Logitec G710+ Rosewill Capstone 450W Cooler Master Haf XB EVO 
MouseMouse Pad
Roccat Lua My table 
CPUMotherboardGraphicsRAM
AMD FX 8350 ASUS Sabertooth 990FX EVGA 560TI ADATA 4x2GB 1600C9 1.65V-1.5V 
Hard DriveCoolingOSPower
Some 2.5in 1TB drive Stock Windows 7 Home Premium 64bit Corsair TX850 
Case
Cooler Master HAF 
CPUMotherboardRAMOptical Drive
i7-960 Gigabyte X58 ADATA 2x2GB 1600C9 1.65V-1.5V Generic DVD 
CoolingOSMonitorKeyboard
Asetek 510LC Linux with pfSense in VM Some generic 1280x1024 Generic 
CaseMouse
Corsair Carbide 400R Generic 
  hide details  
Reply
Primary
(18 items)
 
Secondary
(9 items)
 
Tertiary
(10 items)
 
CPUMotherboardGraphicsRAM
Ryzen 7 1700 ASUS Pro x370 Prime Gigabyte Windforce 1070 GSkill 3000MH C15 1.35V 
Hard DriveHard DriveHard DriveOptical Drive
Seagate 1TB (ST1000DM003 9YN162) Seagate 2TB (ST2000DM001 1CH164 Trion 150 960GB Some LG Blu-Ray 
CoolingOSMonitorMonitor
Noctua D14 Windows 7 Profession 64bit Acer V246HL Acer G245HQ 
MonitorKeyboardPowerCase
ASUS MX25AQ Logitec G710+ Rosewill Capstone 450W Cooler Master Haf XB EVO 
MouseMouse Pad
Roccat Lua My table 
CPUMotherboardGraphicsRAM
AMD FX 8350 ASUS Sabertooth 990FX EVGA 560TI ADATA 4x2GB 1600C9 1.65V-1.5V 
Hard DriveCoolingOSPower
Some 2.5in 1TB drive Stock Windows 7 Home Premium 64bit Corsair TX850 
Case
Cooler Master HAF 
CPUMotherboardRAMOptical Drive
i7-960 Gigabyte X58 ADATA 2x2GB 1600C9 1.65V-1.5V Generic DVD 
CoolingOSMonitorKeyboard
Asetek 510LC Linux with pfSense in VM Some generic 1280x1024 Generic 
CaseMouse
Corsair Carbide 400R Generic 
  hide details  
Reply
post #14 of 18
To be honest 99% of websites should be implementing TLS 1.2 these days. This stuff is 2008 old now nearly a decade and not that hard to implement.
12 Thread i7x
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 3960X Rampage IV Extreme XFX Vega64 WC - RX-VEGMXWFXW G.Skil F3-170000CL9-4GBZH Ripjaws Z DDR3 2133 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 840 EVO WD WD30EFRX Samsung DVDWBD SH-B123L Corsair H80 
OSMonitorMonitorMonitor
Windows 10 Pro 64Bit Samsung U28E590D Vizio 22" M220VA Vizio 22" E220VA 
KeyboardPowerCaseMouse
Overclock.net Edition Ducky 1087 10 Key-less Bl... XFX-850 Black Edition HAF - 932 Black Edition Cooler Master Storm Inferno 
Mouse Pad
World of Warcraft Cataclysm Collectors Edition 
  hide details  
Reply
12 Thread i7x
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 3960X Rampage IV Extreme XFX Vega64 WC - RX-VEGMXWFXW G.Skil F3-170000CL9-4GBZH Ripjaws Z DDR3 2133 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 840 EVO WD WD30EFRX Samsung DVDWBD SH-B123L Corsair H80 
OSMonitorMonitorMonitor
Windows 10 Pro 64Bit Samsung U28E590D Vizio 22" M220VA Vizio 22" E220VA 
KeyboardPowerCaseMouse
Overclock.net Edition Ducky 1087 10 Key-less Bl... XFX-850 Black Edition HAF - 932 Black Edition Cooler Master Storm Inferno 
Mouse Pad
World of Warcraft Cataclysm Collectors Edition 
  hide details  
Reply
post #15 of 18
Quote:
Originally Posted by drufause View Post

To be honest 99% of websites should be implementing TLS 1.2 these days. This stuff is 2008 old now nearly a decade and not that hard to implement.

I agree on that one, and definitely think OCN should have been one of the first to do it... however, at least we got a clear reason why not.

Quite ironic though, the ads (essentially one of the forces we are fighting against for this privacy thing) are the very reason why we aren't getting encryption...
post #16 of 18
He is correct. I have seen this problem with ads not being fed to HTTPS properly and you don't always get the view count when a page with HTTPS w/an ad gets pinged.

This isn't Bank of America, you can afford to lose a few PMs and post count if anything were to happen. Not like OCN is a big target for hackers anyhow.
post #17 of 18
Quote:
Originally Posted by jade falcon View Post

Couldn't the site be setup in a way the allowed the adds to be funneled in via a insecure connection out side of https?

Sorry, I don't deal with this end of things at work. So I wouldn't know much about adds. But I have a hard time believing that's the problem.

 

This would negate the point of having HTTPS. Where you choose to have HTTPS, you want it all HTTPS on said page, not half and half as you are just undermining the security of HTTPS all together :( As stated before, Ad providers just are not there yet regarding their use over HTTPS.

post #18 of 18
Thread Starter 
What about AdSense?

Ad networks that serve ads on HTTPS web pages: AdSense, ValueBrand, RTB, Chalk Social and Creafi (after the change of the ad tags).

https://woorkup.com/google-adsense-https-support/
Edited by aweir - 4/6/17 at 6:32pm
New Posts  All Forums:Forum Nav:
  Return Home
Overclock.net › Forums › Overclock.net Forum › Forum Platform Help and Discussion  › Why does OCN not have an SSL certificate?