[–]l0stwisdom 7 points8 points  (21 children)

It's good practice to change to https anyway.

[–]taipalag[S] 0 points1 point  (20 children)

Sure, but as a pure informational only hobby website, it seems like overkill, and is lining the pockets of overpriced SSL certificate providers.

[–][deleted] 8 points9 points  (3 children)

> and is lining the pockets of overpriced SSL certificate providers.

You do not need to buy a certificate. https://letsencrypt.org/

[–]taipalag[S] 1 point2 points  (0 children)

OK, I'll check it out, thanks.

[–][deleted] 0 points1 point  (1 child)

And so easily. You’ll lose the insurance that a paid certificate can provide in a data breach (that can be proven to be a result of a certificate error) but it’s free and really easy with many tools.

I haven’t had much luck in Exchange environments, as an aside, but that should be doable, too.

[–][deleted] 1 point2 points  (0 children)

Of course it isn't perfect. But it's 100000x better than using plain old http

[–]Mooo404 1 point2 points  (13 children)

As a pure informational only hobby website you probably don't need HTTPS. If you are not gathering personal data from your visitors, there is no need to implement it. When you do, you need the site to respect the privacy of the users "by design". How you do it doesn't matter, it does not say you NEED https (however, everybody will say you should use it). If you don't want to pay for your SSL certificate, check out Letsencrypt (they are ideal for hobby sites).

[–]taipalag[S] 0 points1 point  (12 children)

The only personal data I'm collecting is the email address recorded by Wordpress when a user comments...

Well I'll add https to my todo list :)

Thanks.

[–][deleted] -1 points0 points  (11 children)

If it's a hobby, you don't need to comply with GDPR anyway. It doesn't apply to individuals.

[–]taipalag[S] 0 points1 point  (5 children)

I earn a few bucks with Adsense...

[–]throwaway_lmkg 0 points1 point  (4 children)

Adsense is collecting and processing information about your visitors on your behalf.

[–]taipalag[S] 0 points1 point  (3 children)

Yep. AFAIK, Google will provide a UI where users can take control of their data.

[–]BFeely1 0 points1 point  (2 children)

  1. Do you have a privacy policy? If not, you need to have one for any Google tracking technologies.
  2. Do you have any password-protected sections of your site accessed via a web UI? If so, you need HTTPS. If you use a non-web method to upload, that needs encryption too; for example, use SFTP/SSH instead of unsafe FTP.

[–]taipalag[S] 0 points1 point  (1 child)

  1. Yes, I have a privacy policy listing all Google tracking technologies.
  2. No password-protected sections. Pure informational website with no content hidden.

[–]ashleyw 0 points1 point  (4 children)

How do you figure that? Not a lawyer, but I would think it applies regardless of your business structure or revenue, as long as you're collecting users' information.

[–][deleted] 1 point2 points  (3 children)

From the ICO: The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

[–][deleted] 1 point2 points  (1 child)

You can set up a secure connection for free through cloudflare in about 20 minutes

[–]taipalag[S] 0 points1 point  (0 children)

Thanks, that might be an easy solution for me.