
Originally Posted by
RCC_Admin
RCCanucks has never been a "secure" (or HTTPS) website.
The risks of some form of an "attack" through the current RCCanucks setup (non-HTTPS) is extremely low (or at least not much more than a typical HTTPS (TLS) setup).
Most other forum sites install a certificate and an HTTPS setup because most other forum sites are driven by ad placement and sales using services like Google, etc. These services show ads constantly throughout the forum (top, bottom, in between posts, main page, etc). This content is served up via the service (Google or whatever) and usually is catered to the individual user (based on what the service knows about the user: past websites visited, ads clicked, etc - the website will identify you using cookies or data (Deep Google data).) Since the forum doesn't have control over this content, they never know what they will get, so a secure HTTPS site is beneficial to make sure that the links supplied by the ads are who they say they are, and not redirected to some sort of dangerous website.
In RCCanucks case, we do use Google to deliver the ads (only ads on the site are at the top of the page) and track stats on the ads (so our advertisers know what they are getting for their cash: how many views, how many clicks, etc.). But the big difference is that we don't allow Google to place just any ad (or try to match a user to specific ad content. Google doesn't know who they served the ad to, just that it was served.) We just allow Google to randomly show one of the several banners (that we have hand loaded and verified from one of our sponsors) on the top of the main page.
If we were smart, we would probably change the model so that it used the ad model that 99% of all forum sites are using and generate some extra cash. But we don't like ads spilling all over the place, so we will keep it the way it is for as long as we can.
From a "bad link" perspective, yes a user could post a link that leads to a dangerous website on any post. HTTPS would not altogether stop this problem. Most modern day malicious websites will be secured in some way (or at least lead you down a garden path). So clicking on them will have the same result regardless if the website was secure or not. This sort of scenario usually occurs by "guest" posts or "rogue" users.
RCCanucks doesn't allow "guest" users, and we have minimized "rogue" users by having an account verification step (some spam users still get through, but we try to delete them ASAP).
We may install a certificate in the future, but we have no immediate plans to do so.
Best thing to do is to install a solid anti-virus/anti-malware application and keep it updated. This is your best defense against the dangerous internet.
RCCanucks.com