# CC change from http to https



## Shut Up Legs (14 Jan 2017)

@Shaun, nice work as usual on the site. It has to be the best cycling forum I've ever used, and we all appreciate your work. 

I have a question about images on the site. You mentioned in Site News that a large number of externally hosted images would be copied to the CC site. Does this include images that CC members have linked to, or is it just some CC-specific images?

Regards & thanks,

--- Victor.


----------



## ColinJ (14 Jan 2017)

That's a good point. Secure pages often become insecure when they include links to insecure resources, or so my browser tells me!


----------



## Pat "5mph" (14 Jan 2017)

Ah, but surely once the unsecured  images are copied to a secure server then the become secure images? 
Linked external sites are never guaranteed secure by the linking secure site ... so my bank says anyway.


----------



## Shaun (14 Jan 2017)

Once I switch it over all pages from CycleChat will be served via SSL and be secure, including any files and images that are served from the cyclechat.net domain.

Anything on a page that is from a non-https source will invalidate the overall security of the page ('break' it) from the point of view of the browser padlock - but it doesn't mean all of the content is insecure, just the content from the non-secure external source.

That being said, ideally we want everything to be secure on the page, so I had two options with regards to external images (pictures that are linked from other sites that aren't served over https):

*Proxy external images* - the forum software downloads and stores a copy of the external image onto the CC server in its original file size. It then serves it via an internal proxy script, making sure the image comes from a secure source.


*Convert external images to attachments* - takes a copy of the external image, resizes and compresses the file based on the max board dimensions (_using a lossless algorithm to retain quality_), and stores it on the CC server as a post attachment so it can be delivered securely by CC indefinitely.

Proxying caches an image the next time a thread/post is requested. This is reasonably efficient because you're not storing un-viewed images, but it also means that lots of images from older threads wouldn't be retained and may be lost. It also stores the source image at its original file size, so if there are lots of links to 10MB+ images it'll soon fill up the CC server. Such large images are overkill for what we need on CC and overly increase page download times. The proxy also doesn't serve the files using an image file extension, so doesn't cache as naturally as a native image file, so I decided to go for converting images to attachments.

Converting external images to attachments reduces image dimensions to a useful visual size (the larger of 1200 pixels wide / 900 pixels high) and reduces the physical file size to an average of around 30kb per image. It also ensures we serve the file as an image using whichever file extension it was originally uploaded as. This should be good for mobile users and also means images can be cached and served via the CDN (_Content Delivery Network_) that we use to speed up page loading time for overseas visitors, keeping CC nice and fast for everyone. We also get to keep many of the still-available older linked images on the CC server, protecting posts from the removal of the source images.

For the past 48 hours the converter has been running in the background, going through millions of posts, converting external images to attachments. It should be finished shortly, so we'll be switching fairly soon.

If you need to link to a higher quality image for practical purposes, just post it as a web link and people can click on it and view the original image in their browser at the full size. 

Cheers,
Shaun


----------



## Milkfloat (15 Jan 2017)

Silly question Shaun, but by copying all the externally linked content are you not opening yourself up to copywrite problems?


----------



## Tin Pot (15 Jan 2017)

Pat "5mph" said:


> Ah, but surely once the unsecured  images are copied to a secure server then the become secure images?
> Linked external sites are never guaranteed secure by the linking secure site ... so my bank says anyway.



HTTPS does not make dodgy content secure, it merely assures you that what you are downloading is from the site you want to connect to.

The idea being that you trust CC, so if you know you're only connecting to CC all the content is legitimate, and you can rest easy.

This is unlikely to ever be the case, because CC by its nature allows anybody in the world to post content, which can include malware/malicious code.

HTTPS helps cc members in that you should at least know whether you've be redirected to another site or are viewing content from another site, and can make a judgement call as to whether you really want to go to www.evilcrimesyndicate.ru to see someone's pics of their bike or not.


----------



## Tin Pot (15 Jan 2017)

Milkfloat said:


> Silly question Shaun, but by copying all the externally linked content are you not opening yourself up to copywrite problems?



His CDN should be able to identify anything from major sources that are likely to complain, i.e. Gettys images.


----------



## Shut Up Legs (15 Jan 2017)

@Shaun, what do I do if I wish to cease showing an image I've posted from one of my own sources, e.g. the Google sites I currently use for my own images? Will the CC server copy remain, or is it automatically removed?


----------



## Shaun (15 Jan 2017)

Shut Up Legs said:


> @Shaun, what do I do if I wish to cease showing an image I've posted from one of my own sources, e.g. the Google sites I currently use for my own images? Will the CC server copy remain, or is it automatically removed?


It won't be automatically removed, no, but just edit your post and remove the attachment as normal and it will be gone.

If it's a really old post that isn't included in the editing time window, or has been quoted and you cannot edit the quoted post, just click 'Report' and let the mod team know which image/s you'd like removed and we'll sort it out for you. 



Milkfloat said:


> Silly question Shaun, but by copying all the externally linked content are you not opening yourself up to copywrite problems?


CycleChat doesn't claim copyright on any of the linked or uploaded images, we don't modify them (_other than resizing_), and don't present them as ours - so it is no different from the previous behaviour where members linked to external images or uploaded them as attachments. We are simply pulling a copy of the image onto the CC server to enable us to deliver it securely.

If an author wants us to remove their images from CC we will oblige, and always have done, but it is rare for us to be asked; we've had maybe a handful of requests in the 10+ years CC has been running. Funnily enough, the reverse has been more common, where people have lost their original images and been grateful that copies still exists on a thread on CC so they can download them. 

The purpose of attaching images is to provide speedy, secure pages to our members and visitors, it is not to steal them away from their authors or inflict them upon the public in perpetuity, and anyone who wishes to have their images removed from CC just has to ask. 

Cheers,
Shaun


----------

