FREE! Click here to Join FunTrivia. Thousands of games, quizzes, and lots more!
Home: General Discussion
View Chat Board Rules
Post New
 
Subject: Secure site

Posted by: hickorystick
Date: Sep 18 16

About a week ago Fun Trivia went from a Secure Site to an unsecured site on my computer. I didn't do anything on my computer but was wondering if there is a glich in the Fun trivia system. I don't like using unsecured sites for obvious reasons. Thank you.

20 replies. On page 1 of 1 pages. 1
MiraJane star


player avatar
What do you mean by FunTrivia being unsecured?

If you are having problems with the website, you should bring this up in the Forums. Another place is to use the Contact Us option. Look at the toolbar at the top of the page. Next to Me and before your name there is a ?

Click or tap on the ? You will see the options available to you to contact someone to help with a problem with the website. It may take a few days for you to get a reply.

To post in the Forums you will need to register there first. How to register is on the top right side of the page ... I think. That's where I remember it being at least. You will need to use the same name in the Forums you use here.

Reply #1. Sep 18 16, 7:17 PM
Mixamatosis star


player avatar
Mira Jane, After this page was created, I noticed an exclamation in a circle preceding the funtrivia address in my address bar. I clicked on that and it says "your connection to this site is not private". There is another link that says "details" but when you click on that it just lists some other existing pages with no indication of where further details are.

Reply #2. Sep 19 16, 3:04 AM
MiraJane star


player avatar
I don't understand what you mean by "after this page was created".
After you opened this specific thread? After you came to this website today? After you first came to this website for the first time?

I have also never seen an exclamation point within a circle in the address bar of any website so I wouldn't know what that meant. If it is referring to your connection, what has that got to do with this website being secure? That's a problem with your connection and not what hickorystick seemed to be asking about.

Reply #3. Sep 19 16, 3:17 AM
Mixamatosis star


player avatar
Mia Jane, Hickory created this page on 18 September and I read it on 18th September. That's all I meant. On that date, after reading this page, I noticed the symbol I mentioned in the address bar. If mine is the only connection that has this problem I can make my own decision whether to continue on this site or not but at the time I did not know whether it just affected me or not.

I'm not a tecchie so I wouldn't know how to resolve it but why would I be the only one with an unsafe connection? I don't understand.

Reply #4. Sep 19 16, 6:54 AM
Mixamatosis star


player avatar
I also didn't think it was a different problem from the one Hickory raised. I thought that if the site is not secure, that's why my connection may not be private. I may be wrong but I don't know.

This is the address I see after the symbol http://www.funtrivia.com/bb.cfm?action=addreplyform&qnid=29368&boardid=13

Unfortunately I can't copy the symbol.

Reply #5. Sep 19 16, 6:59 AM
Mixamatosis star


player avatar
Mira Jane, P.S. If you hover over the star symbol at the right hand side of the address bar it refers to the address as a "page". If you bookmark the page, it will bookmark the exact part of the site that you are viewing. That's why I called it a page rather than a thread. I thought the thread was something within the page. i.e that the thread was the series of comments within the page.

Reply #6. Sep 19 16, 7:20 AM
demurechicky star


player avatar
It says that it's not a secure site on my computer too...but I haven't noticed the settings before..

Reply #7. Sep 19 16, 7:21 AM
MiraJane star


player avatar
I don't have a star in my address bar. I cannot hover over anything. I use a tablet not a computer.

Since security of the site is an issue for several people, I think brining this up in the Forums is the best idea.

I've got a headache and have forgotten what else everyone wrote right now.

Reply #8. Sep 19 16, 9:19 AM
Terry
Head Honcho


player avatar
Web browsers call sites that use encrypted HTTPS:// as "secure". That means data is encrypted between you and the server and back. It is important for sites where you may have credit card numbers or personal info whizzing back and forth. Bank sites, medical records, etc. http:// is not given that designation.

FunTrivia, like many other non-financial sites, does not use this (and has never used this).

Nothing has changed in the last week. It has been like this for 20 years.

i.e. go to cnn.com. Your browser should say its security is the same as ours.




Reply #9. Sep 19 16, 9:32 AM
flopsymopsy star


player avatar
Okay, where to start? Some websites, or parts of websites, have a padlock to the left of the address (or in the bottom of the browser frame) and on those pages the address will start https... This means that the site has a security certificate which verifies that your financial details when you buy something are encrypted by that site. The "https" bit shows that such data is encrypted between you and the site, and between the site and the bank/credit card company. If you dont see both a padlock and the "https" don't enter your bank details. You will occasionally see a red padlock with a X mark - that means the security certificate has expired so while the site may still be safe it can't be verified - better to be safe than sorry so don't enter your payment details where you see that red symbol. A green padlock is fine, a yellow/gold symbol is fine, a red one (triangle or square) is not.

However, most sites don't take financial data, and even on sites that do, most pages don't so there is no need to encrypt any data on those sites or pages. Of course on most sites you don't input any data at all, you just look at a page then move on; on FT you do input data in the form of quiz answers, but it's not financial data so it doesn't need to be encrypted and it's not. It doesn't need a security certificate for that sort of data. Even where FT does enter the realm of finance, i.e. where Gold Members sign up to pay their subs, that entire process is conducted away from FT because it takes place on PayPal - and therefore FT still doesn't need a security certificate, or a padlock, or pages starting with https because it doesn't take financial information. All of FT's financial transactions are handled on PayPal, so it's PayPal that needs to be secure (and is).

What has changed is the way browsers display the relevant symbols. They've always shown the padlock if appropriate, they've always shown a symbol to show if there's an out of date certificate, but they never used to show any symbol if the site wasn't encrypted because it didn't need to be. But in recent days some browsers (certainly Firefox and Chrome) have started to display a circle with exclamation mark if there's no encryption saying that the site is not secure. But sites like FT have no need to be secure because they don't take money so there isn't a problem.

Most of the Marks and Spencer website has the "not secure" symbol but the symbol changes when you move to the payment area, the symbol on the Sears site also changes when you get to the payment pages, but the BBC News site is marked as "not secure" throughout, as is FT, because they don't take money. Two different sorts of website: webstores need to have encrypted areas, non-financial sites don't need it at all.

So... there isn't a problem with FT, it's doing what it's always done, and is just as safe as it always was; the only thing that has changed is the way browsers display the symbols.

I hope this makes sense. :)

Reply #10. Sep 19 16, 9:37 AM
flopsymopsy star


player avatar
Ha! Trust Terry to sneak in while I was typing...

Reply #11. Sep 19 16, 9:38 AM
rossian


player avatar
Thank you for the clear and detailed explanation, flopsy. I had noticed the change in the display and wondered why it had happened. It's a bit disconcerting although I can't say I was worried about it. If I had been, I don't think I would be now.

Reply #12. Sep 19 16, 9:52 AM
Mixamatosis star


player avatar
Can I just seek a bit of further clarification. When the symbol tells me "your connection to this site is not private". Does that mean that any member of the general public can see what we write on blog pages or chat boards or is it only those who log in with a password that can do so? Can people who log in as "guests" see the full range of information. I'm just thinking that people often put personal information on blog pages and chat boards.

Reply #13. Sep 19 16, 10:36 AM
flopsymopsy star


player avatar
Posting on chatboards is a different issue to the "not secure" icon, that applies only to passing data between pages with financial data inputs, or as Terry said, to sites that gather private information, like some healthcare pages, taxation authorities, passport applications, etc.

Most info on FT isn't accessible via search engines and a lot is protected from public view - so if I write something on my team messageboard, for example, no one outside my team can see it because it's password-protected. (No one apart from editors and admins.) To log on as flopsymopsy I have to enter a password, the system will then let me access things associated with that name, such as my team, the Joli Llamas.

However, the chatboards (like this one) are open to guests to view (but not to contribute) and are not protected by a password system. My advice to anyone would be not to post private information on public chatboards on any website, or at least, not in a way where someone could join up the dots. For example, if I tell you in a private message what my real name is, I'd rather you didn't use it on the chatboards. I might say in public that I used to run a web agency, but if somewhere else I said I worked in Town X from, say, 1997-2007, and for this or that client, it wouldn't take someone in the industry long to work out who I am, or where I live in Town Y, especially if they had my first name. But at least I can judge what I say about myself, I have to trust you not to misuse information I've provided privately. And heaven forbid I should ever tell you my surname in a public or unprotected place unless and until we become good friends. Actually I'm more relaxed about some information now than I used to be but I still don't use my full personal details on sites which I know are used by nefarious people trawling for data. A certain facey booky site springs to mind. ;)

I'm always very careful about what info I put on unencrypted websites. If I want to give you my email address, I would split the info between two or three direct messages but never on a chatboard. For example, one message might say "flopsy and mcdoodle all one word" and another would add "symbol for at stop gmail stop com" - that prevents any nasty webcrawler from recognising the details as an email address. That's not a real address, by the way, stop trying to send me nasty emails, lol.

Reply #14. Sep 19 16, 11:28 AM
postcards2go star


player avatar
Ooooooo...

We're in the presence of the (in)famous flopsy mcdoodle!

*eyes widen in awe*

Reply #15. Sep 19 16, 2:16 PM
flopsymopsy star


player avatar
I just made that up, not bad eh? I only wish I'd thought of it five minutes before I thought of this one. ;D

Reply #16. Sep 19 16, 3:07 PM
Mixamatosis star


player avatar
Thanks Flopsy - most helpful. I must admit I didn't realise the chatboards were so accessible though I've never used my real name or any address.

Reply #17. Sep 19 16, 3:40 PM
agony


player avatar
If you want to see what a guest - so, any random person - can see, log out and take a look around the site while logged out.

I suppose it is possible - someone more knowledgeable can correct me if I'm wrong - that a hacker could get access to, say Quiz Notes. I can't imagine why one would, though.....Seems like a lot of troubble to go to to read me saying "Please put all song titles in quotation marks" in a quiz rejection. I would think hackers would devote their time to sites where they could get money or interesting secrets.

Reply #18. Sep 19 16, 4:46 PM
WesleyCrusher


player avatar
The difference between an encrypted ("secure") and unencrypted connection is not so much at the end points but in transit.

Data on the internet is transmitted in so-called hops, from one device to the next, until it reaches its destination. Most of these devices are so-called routers, which are effectively specialized computers that just pass on data.

This makes the system prone to attacks: Someone controlling any of the intermediate routers could read data there - or data could be misdirected to an end computer that is not the intended recipient. For this reason, sensitive data such as credit card numbers, bank data, etc. is sent encrypted so only the intended target can decode it.

A secure - encrypted - connection does not make sense when the data is meant to be published (or even shared with just a small number of people) at the other end. If you make a forum post, it will be stored on the end system as plain text, whether it's visible for everyone, only logged-in users or just your team. Thus, FunTrivia does not use (and never used) secure connections - we just do not send and receive the kind of data that would merit it.

When you pay your Gold Membership, you will be redirected to Paypal for the purpose and they DO use a secure connection. We never see any of your financial data. All we see is a code from Paypal that confirms you have successfully paid, which then triggers your membership being activated.

The fact that you have just recently seen the "not secure" part is due to your browsers: Due to internet fraud being rampant, browser manufacturers create more and more obvious warnings about the issue, often to the point of being overzealous. They see that we process some data you submit (your quiz answers, authored quizzes, forum posts, et cetera) and display a warning that - just for the case your data might be sensitive - this site does not use an encrypted connection. As long as you do not transmit actually sensitive data, which you should NEVER do on FunTrivia, you are however completely safe.

You can think of the warning as a "You are about to put this box out on the street without locking it" sign. If that box contains something valuable, you should probably think twice now. If it however pops up when putting your mail in the mailbox or putting out the trash, you can ignore it - in these cases you want someone to pick it up, after all!

Reply #19. Sep 19 16, 4:49 PM
flopsymopsy star


player avatar
I've learned a lot about people since I first started working on the web. One is that it's a big bad universe out there and people should take care of themselves - but they don't. Common sense is a valuable commodity, a lot of people don't seem to have any. Combine that with the fact they have little or no technical knowledge or awareness and there are ten suckers born every minute and what you have is a recipe for crime, exploitation, and foolishness. And not all the people with no common sense are the general public, there a quite a lot of techies out there who are equally stupid, even more so because they should know better. I'm sure you read from time to time various news articles about the need for better passwords, and polls which show that the most common passwords are things like 1234567, or qwerty123, or password, or admin... what they rarely say is that those passwords are often used by technical staff when they're coding a system, partly so that other techies can access their work if they're away, but mostly because they're idle idiots who should be shot. Worse still, once the project is finished and the job handed over they often forget to remove those basic passwords or they've actually made the system so complex by then it's hard to remove them. Sometimes they do remember to remove their work-in-progress passwords but only because they stick postit notes to their monitors, speakers, or desks... I gave up despairing at such behaviour and made it clear to the techies I employed that using obvious passwords and/or writing them down in such unsafe places was a sackable offence. They soon stopped. Apart from one wonderful time when they named the office server after my cat. Whaaaaaaaaat?

My friends sometimes talk to me about internet banking. I don't use it. My bank talks to me about internet banking. I don't use it. If you want to know why, read my first paragraph again. You think I was the only person who employed techies like that? Think again!

Reply #20. Sep 19 16, 5:08 PM


20 replies. On page 1 of 1 pages. 1
Legal / Conditions of Use