# Insecure links



## Salty seadog (24 Nov 2018)

For a couple of days now I've been getting a security warning when clicking a link. It is not all links but a lot none the less. They are all go.CycleChat links it would seem. This is the message I get when I click on one.

Anyone else getting this out an I special?


----------



## Slick (24 Nov 2018)

Not so special as I've been getting them too.

I had to copy the link and open them another way to get them to work.


----------



## Bazzer (24 Nov 2018)

As above.
My message is Your Connection is not Secure. It appeared for the first time today, although my security software has not changed.


----------



## midlife (24 Nov 2018)

Yep, when I click on a link in a thread... EBay for example


----------



## wonderloaf (24 Nov 2018)

All the time. Very annoying.


----------



## wonderloaf (24 Nov 2018)

Slick said:


> Not so special as I've been getting them too.
> 
> I had to copy the link and open them another way to get them to work.


Yep this is what I have to do


----------



## Salty seadog (24 Nov 2018)

@Moderators

Any clue?


----------



## Cycleops (24 Nov 2018)

Also getting it with the eBay link.


----------



## pawl (24 Nov 2018)

Cycleops said:


> Also getting it with the eBay link.




Tryed your eBay link this morning.Just tried it again but will not connect.


----------



## pawl (24 Nov 2018)

Just tapped on a link in a thread to Decathlon no warning message other than web page not available.


----------



## Katherine (24 Nov 2018)

Salty seadog said:


> @Moderators
> 
> Any clue?


Apologies. 
I have reported it.


----------



## Pat "5mph" (24 Nov 2018)

Salty seadog said:


> @Moderators
> 
> Any clue?


Sorry, no, we have reported it to @Shaun.
Only happened the once for me, on firefox.


----------



## Salty seadog (24 Nov 2018)

Pat "5mph" said:


> Sorry, no, we have reported it to @Shaun.
> Only happened the once for me, on firefox.



I've had it on Firefox on the laptop and chrome on the mobile Probably happening all over.


----------



## classic33 (24 Nov 2018)

Had similar for the last few months. On handheld, chrome. PC, IE windows 7, Vista & windows 10(libary computers). 
Oprah*, FireFox & chrome with XP.

Should read Opera


----------



## Edwardoka (24 Nov 2018)

classic33 said:


> Had similar for the last few months. On handheld, chrome. PC, IE windows 7, Vista & windows 10(libary computers).
> *Oprah*, FireFox & chrome with XP.


I'm not normally one to point out typos but that one tickled me


----------



## classic33 (24 Nov 2018)

Edwardoka said:


> I'm not normally one to point out typos but that one tickled me


Operator input error.


----------



## dave r (24 Nov 2018)

I came across this a couple of years ago, but I can't remember what browser I was using or the cure for it. At the moment I'm not having trouble with links on phone tablet or desktop.


----------



## SpokeyDokey (25 Nov 2018)

Not an expert but I think this is a downside of Google's mission to switch the web from HTTP to HTTPS.

I'm running Chrome at the moment and it is happening a lot to me - not just this forum.


----------



## shirokazan (25 Nov 2018)

SpokeyDokey said:


> Not an expert but I think this is a downside of Google's mission to switch the web from HTTP tp HTTPS.
> 
> I'm running Chrome at the moment and it is happening a lot to me - not just this forum.



Agree with SpokeyDokey. Google and others are driving a move to HTTPS which is resulting in the "insecure" messages. Here's Mozilla (the organisation behind FireFox) announcing their intention about 3 years. https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/


----------



## Ming the Merciless (25 Nov 2018)

https prevents caching on intermediate CDN servers. So it is a real pain for images and other static assets.


----------



## Salty seadog (25 Nov 2018)

SpokeyDokey said:


> Not an expert but I think this is a downside of Google's mission to switch the web from HTTP tp HTTPS.
> 
> I'm running Chrome at the moment and it is happening a lot to me - not just this forum.



Yes just had it on a link in a text message so not just this site after all.


----------



## classic33 (25 Nov 2018)

The walking and running sites have had the warnings since the links were included on here.


----------



## swee'pea99 (25 Nov 2018)

Recently I've been getting these when I click on links in messages:







Is it just me, or is summat up?


----------



## User76022 (25 Nov 2018)

I've seen it a couple of times too, but it comes and goes. Mods ticked the 'discourage' box?


----------



## HLaB (25 Nov 2018)

I got it on a CC link the other day needless to say I didn't reload it


----------



## Slick (25 Nov 2018)

Already being discussed in site support. 
https://www.cyclechat.net/threads/insecure-links.242745/


----------



## twentysix by twentyfive (25 Nov 2018)

Getting that when I attempt to update the Ticker (TickerFactory) in my signature line. Pain - no idea how to access my Ticker outside of CC.


----------



## Edwardoka (25 Nov 2018)

Generally warnings like that are a big no-no (suggesting that either the site you're visiting or your internet connection has been compromised) but in this case when you click an outgoing link on cyclechat it uses a redirect service - and the address CC uses for outgoing links "go.cyclechat.net" doesn't match the certificate of the redirect service and so your browser says "I've got a bad feeling about this"

In this instance it's not particularly risky. You can get around it by adding a security exception in your browser for go.cyclechat.net - though I would *strongly *advise against using security exceptions in general.


----------



## Ming the Merciless (25 Nov 2018)

Easiest thing is to sort out the certificate.


----------



## Shaun (26 Nov 2018)

There are a couple of things going on:

The fix for the wrongly redirected Amazon links turned out to be a much deeper problem than I'd originally anticipated and involved making some server and DNS changes; and because we use HTTP Strict Transport Security (HSTS) on the CC server the prior links to _go.cyclechat.net_ are cached in everyone's browser for a long period and won't work again until they've expired (or been removed and replaced). Removal of HSTS domain settings in browsers is not easy so I've temporarily replaced go.cyclechat.net with a skimlinks link. Once the HSTS caching period has expired I'll reinstate the branded CC redirect.


Google (and now other browser makers) have deprecated Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). They announced their intention to do this in March - https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html - but many site owners have either missed or ignored it and are now showing errors when visited using a browser with deprecated trust. Those site owners need to update their SSL certificates. CC uses a trusted certificate and is not affected by this.
Cheers,
Shaun


----------



## twentysix by twentyfive (26 Nov 2018)

Ticker seems to work again thanks @Shaun


----------



## Pat "5mph" (26 Nov 2018)

I've liked Shaun's post, but have not understood a thing 
I think it means the problems will be fixed in time


----------



## Slick (26 Nov 2018)

Pat "5mph" said:


> I've liked Shaun's post, but have not understood a thing
> I think it means the problems will be fixed in time


I thought it meant that there is nothing to fix as the problem is with other site owners?


----------



## Pat "5mph" (26 Nov 2018)

Slick said:


> I thought it meant that there is nothing to fix as the problem is with other site owners?


I think that's the second bit, the non secure sites.
The first bit, the wrong Amazon links, needs the CC cookies to expire to be replaced by new ones or one could delete one's cookies for immediate effect ... or something


----------



## Slick (26 Nov 2018)

Pat "5mph" said:


> I think that's the second bit, the non secure sites.
> The first bit, the wrong Amazon links, needs the CC cookies to expire to be replaced by new ones or one could delete one's cookies for immediate effect ... or something


We're good.


----------

