SOLVED: The website does not supply identity information

[Numanoid]

I have a warning sign in Firefox about this

So why does not kvraudio.com supply id info ?

[fluffy_little_something]

Obviously FF does not block KVR
So, KVR can't be considered that dangerous. There is no warning whatsoever in Chrome. But I do remember getting warnings about some advertising link or whatever it was, the domain ended in .it

[Numanoid]

Can't KVR just fix it so I don't have to have this warning in browser?:

[fluffy_little_something]

Maybe it would cost more...

[Numanoid]

When expanding that warning, it gives this message:

[Numanoid]

When not logged in, there is no warning:



It is when I am logged in I see the warning that "connection is not secure" (as posted above)

[chk071]

Can't KVR just fix it so I don't have to have this warning in browser?:

Why bother?

[Sampleconstruct]

It's due to the https in the KVR address, images may be linked from servers which use an http address only (meaning insecure/ not encoded). wWithin the next year or so, Google is planning to give all websites with an https (secure/encoded) a better ranking in their search results.

[Numanoid]

OK, thanks for the info.

But why difference between being logged in and not?

I often link to pictures from other sites using the code, but I can still see those images when I am not logged in.

[fluffy_little_something]

The Internet has become so complex, I doubt normal people understand how it all works. I sure don't. I have my AV and firewall on, a long Hosts file, very conservative browser settings, and common sense when surfing, so I hope to be safe even if I don't know about all the potential dangers out there.

[Numanoid]

Interestingly Gmail is verified as a secure connection by Google inc. Wow, who would have thought that, the dev verifying their own plug/app, that came as some surprise

I guess Ben then could get KVR inc. to verify KVRaudio and problem solved.

[fluffy_little_something]

It's the same with many programs. Some even renowned developers don't seem to bother adding a signature. So we get warning during installation.

[Ben [KVR]]

The logged in page and the non logged in page you are showing in your screenshots aren't the same pages. https://www.kvraudio.com/forum/ should be the same logged in or not, as should the topic link.

All content delivered by our server should be on https, however if an image linked in a topic is on a different server and is using http it will show the warning.

For example all the images hosted on tinypic.com in this thread, and the patchpool signature image, are all loaded from http so will caused a mixed content warning. We can't change that unless we somehow try to enforce https for all image links, which is not practical.

You can usually click more info (or similar) to find out which bits are served http or https.

[Sampleconstruct]

I'm in the process of migrating to https, I just need to fix some font issues which occur when using https - so I won't be the cause of insecurity in the future anymore

[#rob]

If you click the "more information" button, you'll see why. There are 5 images included via HTTP instead of HTTPS in this thread.
Ironically, it's all posted screenshots and Sampleconstruct's signature.

The KVR guys just have to update their code so that post and signature images are not included through hard-coded HTTP links. Easiest fix would be to simply remove the "http:" part from the "http://" URLs, that would pick the HTTP or HTTPS protocol automatically.