I talked with Onyx about this a couple years ago and I vaguely recall he had some specific reason having to do with caching issues or something messing up the forums.
On my site I personally use cloudflare, there's a free and paid version. Really honestly https DOES cost money and that's another consideration, technically the way I use https on my own site is 'shared' as I understand it.
As far as I am aware, no IP addresses are ever shared with 3rd parties, I mean, we don't have ads even.
In the past I offered to help modernize the site and contribute but the systems we looked at were closed source which presents it's own host of problems, and there isn't a lot of open source software that fitted the site's needs that was modern and there wasn't really a budget/skillset to build things from scratch or pay someone to overhaul one that was "close enough". Unfortunately forum boards are, in terms of software, a niche market now in many ways.
I mean, HTTPS only costs money if you pay for a certificate. If you get a self-signed certificate then it'll still be an encrypted connection for free. Though I understand if some users are like, geriatric and will get scared off by it.
At the same time, nothing says "this has gotta be where the real Satanists are!" like your browser popping up with a giant warning that you're about to visit a dangerous site
The IP address reasoning is honestly not that great. Any sort of caching issue would not require
permanent IP address storage. I would understand for banning spammers, but IDK if that's really a problem with a captcha already required during registration. I also understand if it's just that something breaks when IP address storage is turned off, and nobody has time to figure out the bug.
Also, isn't there a TOS disclaimer during registration that says your IP will be forwarded to law enforcement for blah blah blah? Maybe I should have saved a screenshot lol.
PSA: If anyone here is concerned about their security and privacy, for example entering their password to login, I highly HIGHLY recommend the Chrome extension: HTTPS Everywhere
I also recommend the Brave browser if you want to go a step further with privacy in regards to 3rd party advertisers that track you. It also does a phenomenal job blocking ads. You can also use a VPN if you wish so your ISP can't see what you're doing.
If you really want to go a step further and are concerned about your security and privacy, use the TOR (The Onion Router) browser. Although be warned, it is slow not really necessary unless you're totally up to no good wanting to access dark web sites, eww.
Good advice. Just some comments:
1. HTTPS Everywhere only upgrades websites to HTTPS
if they offer HTTPS but it is not on by default. It does nothing on websites like this one which do not offer any HTTPS whatsoever. Anything that claims to do such a thing would be very dangerous and significantly reduce your privacy.
2. Brave is pretty fishy. A project like TOR or a VPN which has a monetary incentive to protect your privacy makes a
little sense (TOR is funded by the US Gov to help destabilize non-democratic countries, so it probably protects against everyone but its source of funding. VPNs are like 10% good 90% bad because even though their business is supposed to be in privacy, there are still ridiculously powerful incentives to steal your data). Brave, a free browser which is mysteriously swimming in cash, has zero incentive because they already have very little competition and they make up for their fishiness by being user-friendly and spamming lots of advertisements. Most of their advertisements I've seen were literal spambots shitting up sites which cater to privacy-conscious people. Not to mention that anything smaller than firefox or chrome is going to be less secure even if it's more private, and that's often a worse risk to take. Unfortunately firefox is the lesser of those two evils and that's about the best you can get.