XDA Developers Android and Mobile Development Forum
View Poll Results: Vote for Https on XDA.
I want https! 962 75.93%
I'd kill for that feature! 305 24.07%
Voters: 1267. You may not vote on this poll

[Petition][Poll] We want Https on XDA!

nikwen
(Last edited by nikwen; 29th July 2013 at 07:48 PM.)
#1
Recognized Contributor - OP

Three days ago I had a conversation with @benkxda. During that conversation, he pointed out that XDA uses no https encryption. Therefore everybody can read our passwords and PMs when we send them to the server. What if someone replaced our downloadable files with viruses?
Is that really what we want? Neither @benkxda nor I think so. Hence we decided to create this thread.

Now you might ask what you can do to get https on our forum. The first and easiest option is probably the most effective. Vote in the poll at the top of the page.
If you've got some spare time, you can also write a short (or long) post explaining your opinion.

If we get enough votes for this petition, the admins might consider supporting the https protocol.

To ensure that everybody sees this, we want to get this on the portal. Please help us by either clicking this link or by clicking the "Tip us?" button in the upper right corner of this post.
It would also help to spread the word if you put a link to this thread into your signature.

Thanks for reading.

nikwen
(Last edited by nikwen; 4th March 2014 at 09:57 AM.)
#2
Recognized Contributor - OP
Announcements

Quote:
  • 4th March 2014: 1000 supporters.
  • 2nd January 2014: bitpushr implemented https for the login form! Thanks to all supporters.
  • 23rd December 2013: And again, doubled. 800 votes now.
  • 1st November 2013: Another announcement by bitpushr: They "have gotten [their] CDN provider to add SSL." Moreover, he will "add this to the forums".
  • 28th September 2013: Doubled, again. 400 now.
  • 31st August 2013: We just hit the 200 voters mark. Thanks.
  • 13th August 2013: We reached 100 supporters. Keep voting.
  • 7th August 2013: bitpushr announced that the admin team is working on https. I want to say thank you to all who have voted so far. But remember, we don't have https yet. So continue to vote.
  • 29th July 2013: This petition was created.

Code for the signature

 
Code:
[SIZE="5"][URL="http://forum.xda-developers.com/showthread.php?t=2383868"][COLOR="Blue"]Vote for a secure XDA: [/COLOR][Petition][Poll] We want Https on XDA![/URL][/SIZE]

benkxda
(Last edited by benkxda; 29th July 2013 at 07:51 PM.)
#3
Recognized Contributor
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy on almost everything, the poll has two options, a secret service version as well as a normal version.

But to be honest, we are not safe from those spies. Encryption can help a lot - not only against those spy experts, but also against the administrators in a network, e.g. in a company.

Currently, we have no secured connection like SSL/TLS-secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection for the whole XDA website, including linked-in scripts and images and not limited to the login sequence. This is state of the art even at Google or Facebook.

Holiday
...but not offline all the time

Please avoid sending me PM with technical questions, place a post in the proper thread instead.

We want HTTPS on XDA!

[ Device Indexes ] - LG G3 | Fairphone 1 | Google Nexus 5 | Google Chromecast | Samsung Galaxy S3 LTE | Samsung Galaxy Nexus
[ General Threads ] - Galaxy Nexus - Extracted Image Files | Nexus 5 - Extracted Image Files | Fairphone | App Translators | App Tester


calisro
#4
Senior Member
Quote:
Originally Posted by benkxda View Post
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy on almost everything, the poll has two options, a secret service version as well as a normal version.

But to be honest, we are not safe from those spies. Encryption can help a lot - not only against those spy experts, but also against the administrators in a network, e.g. in a company.

Currently, we have no secured connection like SSL/TLS-secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection, which is state of the art at Google or Facebook.
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.

Let's face facts, people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
Samsung Galaxy S5 (Sprint) 900P
Asus Eee pad TF300T [ CM ]
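
As an added example (not part of any post in this thread, and not XDA's code): a small Python check for the gaps the post above describes when HTTPS covers only the login form. The host forum.example, the cookie name and both captured flows are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed captures: (request URL, status, response headers, HTML body).
WEAK_FLOW = [  # HTTPS for the login form only, then back to HTTP
    ("https://forum.example/login.php", 200, [("Content-Type", "text/html")],
     '<img src="http://forum.example/logo.png">'),
    ("https://forum.example/login.php", 302,
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
      ("Location", "http://forum.example/index.php")], ""),
    ("http://forum.example/index.php", 200, [("Content-Type", "text/html")], ""),
]
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
HARDENED_FLOW = [  # site-wide HTTPS
    ("https://forum.example/login.php", 200, [HSTS],
     '<img src="https://forum.example/logo.png">'),
    ("https://forum.example/login.php", 302,
     [HSTS, ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
      ("Location", "https://forum.example/index.php")], ""),
    ("https://forum.example/index.php", 200, [HSTS], ""),
]

def audit_flow(flow):
    """Return (url, finding) pairs for transport-security gaps in a captured flow."""
    findings = []
    for url, _status, headers, body in flow:
        if urlsplit(url).scheme != "https":
            findings.append((url, "plain-http"))  # whole exchange is readable on the wire
            continue
        if not any(k.lower() == "strict-transport-security" for k, _ in headers):
            findings.append((url, "no-hsts"))  # browser is never told to insist on HTTPS
        for name, value in headers:
            if name.lower() == "set-cookie":
                attrs = {a.strip().lower() for a in value.split(";")[1:]}
                if "secure" not in attrs:  # cookie will also be sent over plain HTTP
                    findings.append((url, "cookie-not-secure"))
            elif name.lower() == "location" and urlsplit(value).scheme == "http":
                findings.append((url, "https-to-http-redirect"))
        for ref in re.findall(r'src="(http://[^"]+)"', body):
            findings.append((url, "mixed-content:" + ref))  # sub-resource over HTTP
    return findings

if __name__ == "__main__":
    for url, finding in audit_flow(WEAK_FLOW):
        print(f"{finding:45} {url}")
    print("hardened flow findings:", audit_flow(HARDENED_FLOW))
```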

benkxda
#5
Recognized Contributor
Quote:
Originally Posted by calisro View Post
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.

Let's face facts, people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.

nikwen
#6
Recognized Contributor - OP
Quote:
Originally Posted by calisro View Post
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.

Let's face facts, people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
Of course, it should be added to the entire site. However, I didn't even think about the downloading thing. That's definitely true and I'll add that.

Feel free to spread the word.

Thank you very much.

Quote:
Originally Posted by benkxda View Post
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.
Posted at the same time.

Mardon
#7
Recognized Contributor
Quote:
Originally Posted by benkxda View Post
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.
Not fully correct.
NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wan...ticle32046.htm
Phone: Xperia Arc S
Baseband: G-77
Rom + Kernel: [CM11] - [testbuild-20140918]
Rom2 + Kernel2: OmniROM (0919-self compiled)
Rom3 + Kernel3: MerkMod unofficial
Recovery: CWM 6.x / TWRP 2.7.1.0
Phone 2: Galaxy Ace GT-S5830
Baseband: XWKT8
Rom: modded-CM11++fb 20140806
Kernel: MA6 kernel 20140806
Recovery: CWM 6.0.5.3
Tab: Odys Neo X8 (RK2918)
Rom: [CM10.1] v1.2.4 - 20131209

nikwen
#8
Recognized Contributor - OP
Quote:
Originally Posted by Mardon View Post
Not fully correct.
NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wan...ticle32046.htm
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.

benkxda
#9
Recognized Contributor
Quote:
Originally Posted by Mardon View Post
Not fully correct.
NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wan...ticle32046.htm
This must be verified first, but frankly I really believe they try to get those master keys. But they would need a master key to get access. At least, encryption keeps out most assailants.

Mardon
#10
Recognized Contributor
Quote:
Originally Posted by nikwen View Post
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Right, https is much better, I agree.
If the NSA or FBI or whoever else gets the master keys, there also exists a chance for others (hackers) to get the keys too.
I think the whole internet needs a new fully encrypted security protocol in the future where the keys are randomly changed and things like master keys only work for a few hours to minimize the hacking risks.
But that's off-topic, I think.
Tags
connection, encryption, https, petition, secure, security, xda