Author Topic: Meta discussion  (Read 336 times)

Meta discussion
« on: August 11, 2020, 10:48:48 pm »
How long is my IP stored for?

Why don't you use HTTPS?

How often have you/do you share IP Addresses with third parties?

Thanks

BlackRose

Re: Meta discussion
« Reply #1 on: August 13, 2020, 02:34:38 am »
I have wondered the same why HTTPS is not used... not very secure.

I use the Brave browser and have my connection automatically upgraded to HTTPS. I have not once noticed any trackers or scripts that have been needed to be blocked so I guess that's a good thing; although, you do raise an excellent question.
« Last Edit: August 13, 2020, 02:37:28 am by BlackRose »
"I am the master of my fate, I am the captain of my soul." ~Ernest Henley

Liu

Re: Meta discussion
« Reply #2 on: August 13, 2020, 05:36:55 am »
Pretty sure because the admins are busy with other things in life.

Regarding IPs, indefinitely it seems. Considering the EU laws on that, this should really be changed, though, as it's now illegal to store the IPs from users from the EU for any longer than is necessary for strictly technical reasons, unless you have their explicit consent.

The main purpose for storing IPs, based on my experiences as a mod elsewhere, is being able to block spammers and making sure that a person isn't lying through their teeth regarding where they come from. With the new law you have only a short time frame (few days at the very most) to check an IP address to see whether you e.g. have several users using the same IP and thereby breaking website rules, in order to have a justification to ban them.

Kapalika

Re: Meta discussion
« Reply #3 on: August 13, 2020, 06:20:00 pm »
How long is my IP stored for?

Why don't you use HTTPS?

How often have you/do you share IP Addresses with third parties?

Thanks

I talked with Onyx about this a couple years ago and I vaguely recall he had some specific reason having to do with caching issues or something messing up the forums.

On my site I personally use cloudflare, there's a free and paid version. Really honestly https DOES cost money and that's another consideration, technically the way I use https on my own site is 'shared' as I understand it.

As far as I am aware, no IP addresses are ever shared with 3rd parties, I mean, we don't have ads even.

In the past I offered to help modernize the site and contribute but the systems we looked at were closed source which presents it's own host of problems, and there isn't a lot of open source software that fitted the site's needs that was modern and there wasn't really a budget/skillset to build things from scratch or pay someone to overhaul one that was "close enough". Unfortunately forum boards are, in terms of software, a niche market now in many ways.
https://kapalika.com

My religion is Satanism & Kashmir Shaivism via Vāmācāra

"We have none but evidence for the prosecution [against Satan] and yet we have rendered the verdict. To my mind, this is irregular. It is un-English. It is un-American; it is French." ... "We may not pay him reverence, for that would be indiscreet, but we can at least respect his talents." - Mark Twain
"God and the individual are one. To realize this is the essence of Shaivism." - Swami Lakshmanjoo

BlackRose

Re: Meta discussion
« Reply #4 on: August 13, 2020, 09:06:19 pm »
Thanks Kapalika  :mrgreen:

Also, it is not like people are entering sensitive information on this site like credit card information and I understand upgrading to an SSL Certificate would cost money. Seeing as I don't pay anything to be a member and have gained a lot of useful information for free I get it and am thankful to be a part of this community.



PSA: If anyone here is concerned about their security and privacy, for example entering their password to login, I highly HIGHLY recommend the Chrome extension: HTTPS Everywhere

It's useful for all of your browsing needs anywhere on the internet when the website only supports HTTP.

I also recommend the Brave browser if you want to go a step further with privacy in regards to 3rd party advertisers that track you. It also does a phenomenal job blocking ads. You can also use a VPN if you wish so your ISP can't see what you're doing.

If you really want to go a step further and are concerned about your security and privacy, use the TOR (The Onion Router) browser. Although be warned, it is slow not really necessary unless you're totally up to no good wanting to access dark web sites, eww.

Just my two cents, hope this helps! Cheers!
« Last Edit: August 13, 2020, 09:08:20 pm by BlackRose »
"I am the master of my fate, I am the captain of my soul." ~Ernest Henley

Re: Meta discussion
« Reply #5 on: August 14, 2020, 01:08:31 am »
I talked with Onyx about this a couple years ago and I vaguely recall he had some specific reason having to do with caching issues or something messing up the forums.

On my site I personally use cloudflare, there's a free and paid version. Really honestly https DOES cost money and that's another consideration, technically the way I use https on my own site is 'shared' as I understand it.

As far as I am aware, no IP addresses are ever shared with 3rd parties, I mean, we don't have ads even.

In the past I offered to help modernize the site and contribute but the systems we looked at were closed source which presents it's own host of problems, and there isn't a lot of open source software that fitted the site's needs that was modern and there wasn't really a budget/skillset to build things from scratch or pay someone to overhaul one that was "close enough". Unfortunately forum boards are, in terms of software, a niche market now in many ways.

I mean, HTTPS only costs money if you pay for a certificate. If you get a self-signed certificate then it'll still be an encrypted connection for free. Though I understand if some users are like, geriatric and will get scared off by it.

At the same time, nothing says "this has gotta be where the real Satanists are!" like your browser popping up with a giant warning that you're about to visit a dangerous site :mrgreen:

The IP address reasoning is honestly not that great. Any sort of caching issue would not require permanent IP address storage. I would understand for banning spammers, but IDK if that's really a problem with a captcha already required during registration. I also understand if it's just that something breaks when IP address storage is turned off, and nobody has time to figure out the bug.

Also, isn't there a TOS disclaimer during registration that says your IP will be forwarded to law enforcement for blah blah blah? Maybe I should have saved a screenshot lol.

PSA: If anyone here is concerned about their security and privacy, for example entering their password to login, I highly HIGHLY recommend the Chrome extension: HTTPS Everywhere

I also recommend the Brave browser if you want to go a step further with privacy in regards to 3rd party advertisers that track you. It also does a phenomenal job blocking ads. You can also use a VPN if you wish so your ISP can't see what you're doing.

If you really want to go a step further and are concerned about your security and privacy, use the TOR (The Onion Router) browser. Although be warned, it is slow not really necessary unless you're totally up to no good wanting to access dark web sites, eww.

Good advice. Just some comments:

1. HTTPS Everywhere only upgrades websites to HTTPS if they offer HTTPS but it is not on by default. It does nothing on websites like this one which do not offer any HTTPS whatsoever. Anything that claims to do such a thing would be very dangerous and significantly reduce your privacy.

2. Brave is pretty fishy. A project like TOR or a VPN which has a monetary incentive to protect your privacy makes a little sense (TOR is funded by the US Gov to help destabilize non-democratic countries, so it probably protects against everyone but its source of funding. VPNs are like 10% good 90% bad because even though their business is supposed to be in privacy, there are still ridiculously powerful incentives to steal your data). Brave, a free browser which is mysteriously swimming in cash, has zero incentive because they already have very little competition and they make up for their fishiness by being user-friendly and spamming lots of advertisements. Most of their advertisements I've seen were literal spambots shitting up sites which cater to privacy-conscious people. Not to mention that anything smaller than firefox or chrome is going to be less secure even if it's more private, and that's often a worse risk to take. Unfortunately firefox is the lesser of those two evils and that's about the best you can get.
« Last Edit: August 14, 2020, 01:36:31 am by satanism-throwaway »

Kapalika

Re: Meta discussion
« Reply #6 on: August 18, 2020, 08:02:29 pm »
I think what I might be recalling was specifically an issue with cloudflare in terms of caching.
Anyways ya I don't know much about it but fair point if I understood it correctly. I've been dealing with my own stuff the last 2 years so kind of not been active here but it would be great to see this place flourish again and sometimes I feel like trying to help out but it's like I don't know where to start. Maybe that would be a good step to make people new to the site feel safer, internet security wise.
https://kapalika.com

My religion is Satanism & Kashmir Shaivism via Vāmācāra

"We have none but evidence for the prosecution [against Satan] and yet we have rendered the verdict. To my mind, this is irregular. It is un-English. It is un-American; it is French." ... "We may not pay him reverence, for that would be indiscreet, but we can at least respect his talents." - Mark Twain
"God and the individual are one. To realize this is the essence of Shaivism." - Swami Lakshmanjoo

Onyx

Re: Meta discussion
« Reply #7 on: August 20, 2020, 05:12:24 pm »
The registration agreement:

Quote
You agree, through your use of this forum, that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, adult material, or otherwise in violation of any International or United States Federal law. You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum.

Note that it is impossible for the staff or the owners of this forum to confirm the validity of posts. Please remember that we do not actively monitor the posted messages, and as such, are not responsible for the content contained within. We do not warrant the accuracy, completeness, or usefulness of any information presented. The posted messages express the views of the author, and not necessarily the views of this forum, its staff, its subsidiaries, or this forum's owner. Anyone who feels that a posted message is objectionable is encouraged to notify an administrator or moderator of this forum immediately. The staff and the owner of this forum reserve the right to remove objectionable content, within a reasonable time frame, if they determine that removal is necessary. This is a manual process, however, please realize that they may not be able to remove or edit particular messages immediately. This policy applies to member profile information as well.

You remain solely responsible for the content of your posted messages. Furthermore, you agree to indemnify and hold harmless the owners of this forum, any related websites to this forum, its staff, and its subsidiaries. The owners of this forum also reserve the right to reveal your identity (or any other related information collected on this service) in the event of a formal complaint or legal action arising from any situation caused by your use of this forum.

You have the ability, as you register, to choose your username. We advise that you keep the name appropriate. With this user account you are about to register, you agree to never give your password out to another person except an administrator, for your protection and for validity reasons. You also agree to NEVER use another person's account for any reason.  We also HIGHLY recommend you use a complex and unique password for your account, to prevent account theft.

After you register and login to this forum, you will be able to fill out a detailed profile. It is your responsibility to present clean and accurate information. Any information the forum owner or staff determines to be inaccurate or vulgar in nature will be removed, with or without prior notice. Appropriate sanctions may be applicable.

Please note that with each post, your IP address is recorded, in the event that you need to be banned from this forum or your ISP contacted. This will only happen in the event of a major violation of this agreement.

Also note that the software places a cookie, a text file containing bits of information (such as your username and password), in your browser's cache. This is ONLY used to keep you logged in/out. The software does not collect or send any other form of information to your computer.

Re: Meta discussion
« Reply #8 on: August 20, 2020, 07:45:55 pm »
The registration agreement:

Quote
You agree, through your use of this forum, that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, adult material, or otherwise in violation of any International or United States Federal law. You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum.

Note that it is impossible for the staff or the owners of this forum to confirm the validity of posts. Please remember that we do not actively monitor the posted messages, and as such, are not responsible for the content contained within. We do not warrant the accuracy, completeness, or usefulness of any information presented. The posted messages express the views of the author, and not necessarily the views of this forum, its staff, its subsidiaries, or this forum's owner. Anyone who feels that a posted message is objectionable is encouraged to notify an administrator or moderator of this forum immediately. The staff and the owner of this forum reserve the right to remove objectionable content, within a reasonable time frame, if they determine that removal is necessary. This is a manual process, however, please realize that they may not be able to remove or edit particular messages immediately. This policy applies to member profile information as well.

You remain solely responsible for the content of your posted messages. Furthermore, you agree to indemnify and hold harmless the owners of this forum, any related websites to this forum, its staff, and its subsidiaries. The owners of this forum also reserve the right to reveal your identity (or any other related information collected on this service) in the event of a formal complaint or legal action arising from any situation caused by your use of this forum.

You have the ability, as you register, to choose your username. We advise that you keep the name appropriate. With this user account you are about to register, you agree to never give your password out to another person except an administrator, for your protection and for validity reasons. You also agree to NEVER use another person's account for any reason.  We also HIGHLY recommend you use a complex and unique password for your account, to prevent account theft.

After you register and login to this forum, you will be able to fill out a detailed profile. It is your responsibility to present clean and accurate information. Any information the forum owner or staff determines to be inaccurate or vulgar in nature will be removed, with or without prior notice. Appropriate sanctions may be applicable.

Please note that with each post, your IP address is recorded, in the event that you need to be banned from this forum or your ISP contacted. This will only happen in the event of a major violation of this agreement.

Also note that the software places a cookie, a text file containing bits of information (such as your username and password), in your browser's cache. This is ONLY used to keep you logged in/out. The software does not collect or send any other form of information to your computer.


Thanks Onyx, this is helpful.

Since you're an admin, could you take a moment to answer my original questions?

How long is my IP stored for?

Why don't you use HTTPS?

How often have you/do you share IP Addresses with third parties?

Liu

Re: Meta discussion
« Reply #9 on: August 22, 2020, 11:43:58 am »
Thanks for the reply, Onyx.

Now I'm no lawyer, but I think the statement needs to be adjusted a bit: There needs to be some way for users to request deletion of data stored at any time.
You could of course say this is possible for anyone by clicking "remove" on all their comments, yet I'm not sure whether that legally suffices.

Onyx

Re: Meta discussion
« Reply #10 on: August 23, 2020, 03:45:56 am »
The current legal boilerplate stands.

If someone chooses to delete their account and posts, they should be able to, with exception of main threads others have posted to without going through me first. If an account is deleted, the username reverts to the originally registered one. If someone deleted their account on their own accord without contacting me first, then too bad if there are consequences.

HTTPS is next to worthless except gaining consumer confidence, and I am under no obligation to bother with it. IP addresses are stored indefinitely, but I do not sell them, nor have I made a single dime off of this entire project. Quite the contrary in terms of time and money.

And I am not responsible for security issues if people choose/chose to participate:

Quote
You remain solely responsible for the content of your posted messages. Furthermore, you agree to indemnify and hold harmless the owners of this forum, any related websites to this forum, its staff, and its subsidiaries. The owners of this forum also reserve the right to reveal your identity (or any other related information collected on this service) in the event of a formal complaint or legal action arising from any situation caused by your use of this forum.
« Last Edit: August 23, 2020, 04:17:04 am by Onyx »