Discussion:
Avoiding broken links in posts
Add Reply
Spike
2025-01-05 15:52:45 UTC
Reply
Permalink
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
example below:

<https://mil.in.ua/en/news/the-defense-intelligence-of-ukraine-eliminated-the-chief-of-staff-of-the-storm-ossetia-battalion/>

Another method might be to use the services of a url-shortening web site
such as tinyurl.com (other such sites are available).

The above link becomes <https://tinyurl.com/4h8yjwev> which might stand a
better chance of not becoming mangled.

Note that prepending ‘preview’ (without the quotes) to the tinyurl link (to
give preview.tinyurl.com/whateverwasthereoriginally) will return the
original link:

https://preview.tinyurl.com/4h8yjwev

…gives the link original quoted.

HTH
--
Spike
Andy Burns
2025-01-06 09:09:45 UTC
Reply
Permalink
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
Spike
2025-01-06 09:23:27 UTC
Reply
Permalink
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
There’s no magic bullet here when it comes to unwanted line breaks in URLs,
and I did note that putting chevrons around them could help in this regard,
implying that it wasn’t a 100% solution. That’s why I also suggested using
tinyurl.com as a shorter link is less likely to get broken.

My view is that chevrons are a good idea, and some posters already include
the url and tinyurl in their articles, which helps greatly with the
problem.

Readers can always use the preview.tinyurl.com/whatever facility to check
the actual link that was shortened, if the OP hasn’t already included it.
--
Spike
Roland Perry
2025-01-06 10:19:04 UTC
Reply
Permalink
That’s why I also suggested using tinyurl.com as a shorter link is
less likely to get broken.
Of course, by using any url-shortener, you are revealing your browsing
history to a third party. Which you may or may not find acceptable.
--
Roland Perry
Spike
2025-01-06 10:42:23 UTC
Reply
Permalink
Post by Roland Perry
That’s why I also suggested using tinyurl.com as a shorter link is
less likely to get broken.
Of course, by using any url-shortener, you are revealing your browsing
history to a third party. Which you may or may not find acceptable.
When following links I use Startpage in private mode, and delete the web
information after each session. There isn’t much browsing history to
reveal.
--
Spike
Roland Perry
2025-01-06 11:17:35 UTC
Reply
Permalink
Post by Spike
Post by Roland Perry
That’s why I also suggested using tinyurl.com as a shorter link is
less likely to get broken.
Of course, by using any url-shortener, you are revealing your browsing
history to a third party. Which you may or may not find acceptable.
When following links I use Startpage in private mode, and delete the web
information after each session. There isn’t much browsing history to
reveal.
Only that your PC accessed that page, and nothing you can do locally
will erase that.
--
Roland Perry
Roger Hayter
2025-01-06 11:57:41 UTC
Reply
Permalink
Post by Spike
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters <and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
There’s no magic bullet here when it comes to unwanted line breaks in URLs,
and I did note that putting chevrons around them could help in this regard,
implying that it wasn’t a 100% solution. That’s why I also suggested using
tinyurl.com as a shorter link is less likely to get broken.
My view is that chevrons are a good idea, and some posters already include
the url and tinyurl in their articles, which helps greatly with the
problem.
Readers can always use the preview.tinyurl.com/whatever facility to check
the actual link that was shortened, if the OP hasn’t already included it.
The moderators have previously asked that if a redirection link is used that
the original link is also included to save moderation time.
--
Roger Hayter
Roland Perry
2025-01-06 12:55:50 UTC
Reply
Permalink
Post by Roger Hayter
Post by Spike
Readers can always use the preview.tinyurl.com/whatever facility to check
the actual link that was shortened, if the OP hasn’t already included it.
The moderators have previously asked that if a redirection link is used that
the original link is also included to save moderation time.
I also do not wish to appear in the stats of someone looking at a
potentially dodgy site, because of the way redirection sites could be
selling that aspect of my browsing history to anyone interested.
--
Roland Perry
Mark Goodge
2025-01-06 17:24:49 UTC
Reply
Permalink
Post by Roger Hayter
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters <and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
There’s no magic bullet here when it comes to unwanted line breaks in URLs,
and I did note that putting chevrons around them could help in this regard,
implying that it wasn’t a 100% solution. That’s why I also suggested using
tinyurl.com as a shorter link is less likely to get broken.
My view is that chevrons are a good idea, and some posters already include
the url and tinyurl in their articles, which helps greatly with the
problem.
Readers can always use the preview.tinyurl.com/whatever facility to check
the actual link that was shortened, if the OP hasn’t already included it.
The moderators have previously asked that if a redirection link is used that
the original link is also included to save moderation time.
If I need to post a link that's longer than around 72 characters (the usual
line length for text-only communication such as Usenet), then I almost
always provide both the original and a shortened version. If I'm responding
to a post by someone else who has posted a long URL but not a short version,
then I'll often post a short version of their link for the benefit of anyone
reading my reply and wanting to follow the link I'm quoting.

I never post a short link alone, unless the short link itself clearly
indicates the nature of the content (eg. goo.gl rather than google.com, and
youtu.be rather than youtube.com).

Mark
Martin Harran
2025-01-06 09:58:37 UTC
Reply
Permalink
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.

When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
Andy Burns
2025-01-06 10:07:05 UTC
Reply
Permalink
Post by Martin Harran
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
I wasn't telling anyone to change client, merely explaining that some
clients are better with URLs than others.
Post by Martin Harran
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
I generally dislike link shorteners, though I do try to make URLs
shorter without fundamentally altering them (e.g. cut the tracking links
out of them)
Mark Goodge
2025-01-06 12:14:57 UTC
Reply
Permalink
Post by Andy Burns
Post by Martin Harran
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
I wasn't telling anyone to change client, merely explaining that some
clients are better with URLs than others.
Yes, indeed. I do think that if someone is using a client which breaks links
on transmission then it would be worthwhile investigating a different
client, or, failing that, to accompany the long link with a short one. But
none of us can stop a link being broken by a receiving client, or by a
client which breaks it on inclusion in quoted text.
Post by Andy Burns
Post by Martin Harran
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
I generally dislike link shorteners, though I do try to make URLs
shorter without fundamentally altering them (e.g. cut the tracking links
out of them)
A lot of newspaper websites have a unique ID embedded in an otherwise longer
SEO-friendly URL, and you can usually strip it all the way back to just the
ID, or just the ID and a few additional characters. For example, this:

https://www.eveshamjournal.co.uk/news/24835118.a44-evesham-fladbury-closed-due-flooding/

can be shortened to this:

https://www.eveshamjournal.co.uk/news/24835118.a

and that particular CMS is common to a lot of local newspaper websites.

Mark
Andy Burns
2025-01-06 12:29:15 UTC
Reply
Permalink
Post by Mark Goodge
A lot of newspaper websites have a unique ID embedded in an otherwise longer
SEO-friendly URL
The Guardian used to own gu.com to shorten their own article URLs, but
it went way.

screwfix product links such as

https://www.screwfix.com/p/scrubb-shot-super-concentrate-bathroom-cleaner-500ml/981ve

can be reduced to

https://screwfix.com/p/981ve

amazon product links such as

https://www.amazon.co.uk/Maybelline-Extension-Salon-Like-Long-Lasting-Buildable/dp/B0BQ65RZ5L?ref_=ast_sto_dp&th=1

reduce to

https://amazon.co.uk/dp/B0BQ65RZ5L
Roland Perry
2025-01-06 10:21:32 UTC
Reply
Permalink
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
--
Roland Perry
Martin Harran
2025-01-06 13:08:33 UTC
Reply
Permalink
Post by Roland Perry
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
I don't regard my reader-clients as broken, I regard the sites who
produce such long links as broken.

YMMV
Roland Perry
2025-01-06 13:33:55 UTC
Reply
Permalink
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken,
it would be helpful to put such links between the characters < and
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
I don't regard my reader-clients as broken, I regard the sites who
produce such long links as broken.
If you have a reader-client which ignores the relevant and very easy to
understand rfcs, then I call that "broken".
--
Roland Perry
Martin Harran
2025-01-06 14:02:10 UTC
Reply
Permalink
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken,
it would be helpful to put such links between the characters < and
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
I don't regard my reader-clients as broken, I regard the sites who
produce such long links as broken.
If you have a reader-client which ignores the relevant and very easy to
understand rfcs, then I call that "broken".
I work on a different principle. If I want people to read stuff that I
write, then I make reading it as easy as possible for as many people
as possible.
Roland Perry
2025-01-06 16:40:37 UTC
Reply
Permalink
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken,
it would be helpful to put such links between the characters < and
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
I don't regard my reader-clients as broken, I regard the sites who
produce such long links as broken.
If you have a reader-client which ignores the relevant and very easy to
understand rfcs, then I call that "broken".
I work on a different principle. If I want people to read stuff that I
write, then I make reading it as easy as possible for as many people
as possible.
Of course. I do everything I can. But sometimes even that doesn't get
past the most broken usenet clients.

I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
(apart perhaps from streetview's, which is a somewhat different kettle
of worms, because it doesn't matter if you click on a long link or a
shortened one, they'll still log it).
--
Roland Perry
Martin Harran
2025-01-06 17:41:09 UTC
Reply
Permalink
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken,
it would be helpful to put such links between the characters < and
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
People telling me that I need to change my client, which works
perfectly well in every other regard, gets tiresome to say the least.
When I post a URL that might break, I invariably include a shortened
URL. If I consider something worth spending time on to post, then I
think it is also worth the extra few seconds it takes to create that
shortened URL and make it easy for potential readers to find.
It appears that another trick to make long urls more acceptable to
broken reader-clients is to insert a space in front of the leading
chevron.
I don't regard my reader-clients as broken, I regard the sites who
produce such long links as broken.
If you have a reader-client which ignores the relevant and very easy to
understand rfcs, then I call that "broken".
I work on a different principle. If I want people to read stuff that I
write, then I make reading it as easy as possible for as many people
as possible.
Of course. I do everything I can. But sometimes even that doesn't get
past the most broken usenet clients.
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Post by Roland Perry
(apart perhaps from streetview's, which is a somewhat different kettle
of worms, because it doesn't matter if you click on a long link or a
shortened one, they'll still log it).
Roland Perry
2025-01-07 05:21:09 UTC
Reply
Permalink
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
--
Roland Perry
Martin Harran
2025-01-07 06:56:39 UTC
Reply
Permalink
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Roland Perry
2025-01-07 08:18:11 UTC
Reply
Permalink
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
--
Roland Perry
Roger Hayter
2025-01-07 08:58:59 UTC
Reply
Permalink
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
But then, of course, we all know that if you have nothing to hide then you
have nothing to fear!
--
Roger Hayter
Mark Goodge
2025-01-07 11:38:03 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
But then, of course, we all know that if you have nothing to hide then you
have nothing to fear!
Well, in this particular case I don't think there's any significant
difference between posting a URL on Usenet that tells everyone you've
visited it and giving that same information to a URL shortening service. So
the OP doesn't, actually, have anything to fear!

There is a potential risk, not to the provider of the link, but to the
person who clicks on it, if the short link redirects somewhere undesirable
rather than leading to the same location as the full URL. But there are ways
to mitigate that risk, if you really don't trust the person who provided it.
You can use the preview version of the link, or use incognito mode on your
browser to view it, both of which will minimise the risk of something
untoward appearing in your browsing history, or use a VPN if you are
concerned about leaking data to the short URL provider or the operator of
the site that it links to. And if you don't trust even those precautions,
then simply don't use the link.

Mark
Pancho
2025-01-07 13:31:52 UTC
Reply
Permalink
Post by Mark Goodge
Well, in this particular case I don't think there's any significant
difference between posting a URL on Usenet that tells everyone you've
visited it and giving that same information to a URL shortening service. So
the OP doesn't, actually, have anything to fear!
There is a potential risk, not to the provider of the link, but to the
person who clicks on it, if the short link redirects somewhere undesirable
rather than leading to the same location as the full URL. But there are ways
to mitigate that risk, if you really don't trust the person who provided it.
You can use the preview version of the link, or use incognito mode on your
browser to view it, both of which will minimise the risk of something
untoward appearing in your browsing history, or use a VPN if you are
concerned about leaking data to the short URL provider or the operator of
the site that it links to. And if you don't trust even those precautions,
then simply don't use the link.
Mark
As a slight aside, don't some URLs embed personal information in the URL
itself. For instance a user ID, but potentially also other personal
stuff. So there is an anonymity risk posing long URLs, original long
format or tiny.

With Amazon links I try to tidy the URL to only include a product id.
(Not that I personally know what the rest of the Amazon URL contains,
just a suspicion)
Mark Goodge
2025-01-07 18:56:32 UTC
Reply
Permalink
Post by Pancho
Post by Mark Goodge
Well, in this particular case I don't think there's any significant
difference between posting a URL on Usenet that tells everyone you've
visited it and giving that same information to a URL shortening service. So
the OP doesn't, actually, have anything to fear!
There is a potential risk, not to the provider of the link, but to the
person who clicks on it, if the short link redirects somewhere undesirable
rather than leading to the same location as the full URL. But there are ways
to mitigate that risk, if you really don't trust the person who provided it.
You can use the preview version of the link, or use incognito mode on your
browser to view it, both of which will minimise the risk of something
untoward appearing in your browsing history, or use a VPN if you are
concerned about leaking data to the short URL provider or the operator of
the site that it links to. And if you don't trust even those precautions,
then simply don't use the link.
As a slight aside, don't some URLs embed personal information in the URL
itself. For instance a user ID, but potentially also other personal
stuff. So there is an anonymity risk posing long URLs, original long
format or tiny.
Yes, although I would expect anyone who is concerned about online safety to
be aware of that and strip that off if necessary. But the number of people
who simply copy and paste URLs containing fbclid values (which inevitably
makes them ridiculously long as well as encoding personal data) suggests
that few people care about this.

Mark
Roland Perry
2025-01-07 19:00:10 UTC
Reply
Permalink
Post by Mark Goodge
Post by Pancho
As a slight aside, don't some URLs embed personal information in the URL
itself. For instance a user ID, but potentially also other personal
stuff. So there is an anonymity risk posing long URLs, original long
format or tiny.
Yes, although I would expect anyone who is concerned about online safety to
be aware of that and strip that off if necessary. But the number of people
who simply copy and paste URLs containing fbclid values (which inevitably
makes them ridiculously long as well as encoding personal data) suggests
that few people care about this.
No, it means they are naive and are putting themselves at risk.
--
Roland Perry
Mark Goodge
2025-01-07 21:06:07 UTC
Reply
Permalink
Post by Roland Perry
Post by Mark Goodge
Post by Pancho
As a slight aside, don't some URLs embed personal information in the URL
itself. For instance a user ID, but potentially also other personal
stuff. So there is an anonymity risk posing long URLs, original long
format or tiny.
Yes, although I would expect anyone who is concerned about online safety to
be aware of that and strip that off if necessary. But the number of people
who simply copy and paste URLs containing fbclid values (which inevitably
makes them ridiculously long as well as encoding personal data) suggests
that few people care about this.
No, it means they are naive and are putting themselves at risk.
That's just a more judgmental way of saying that they don't care about the
risk.

Mark
Roland Perry
2025-01-08 07:46:11 UTC
Reply
Permalink
Post by Mark Goodge
Post by Roland Perry
Post by Mark Goodge
Post by Pancho
As a slight aside, don't some URLs embed personal information in the URL
itself. For instance a user ID, but potentially also other personal
stuff. So there is an anonymity risk posing long URLs, original long
format or tiny.
Yes, although I would expect anyone who is concerned about online safety to
be aware of that and strip that off if necessary. But the number of people
who simply copy and paste URLs containing fbclid values (which inevitably
makes them ridiculously long as well as encoding personal data) suggests
that few people care about this.
No, it means they are naive and are putting themselves at risk.
That's just a more judgmental way of saying that they don't care about the
risk.
Perhaps they don't care because they don't realise what the risk is.
--
Roland Perry
Roland Perry
2025-01-07 18:57:24 UTC
Reply
Permalink
Post by Mark Goodge
Post by Roger Hayter
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
But then, of course, we all know that if you have nothing to hide then you
have nothing to fear!
Well, in this particular case I don't think there's any significant
difference between posting a URL on Usenet that tells everyone you've
visited it and giving that same information to a URL shortening service. So
the OP doesn't, actually, have anything to fear!
Do keep up!
Post by Mark Goodge
There is a potential risk, not to the provider of the link, but to the
person who clicks on it,
Precisely.
Post by Mark Goodge
if the short link redirects somewhere undesirable rather than leading
to the same location as the full URL.
No, because it hoovers up the information he's visited that site.
Post by Mark Goodge
But there are ways to mitigate that risk, if you really don't trust the
person who provided it.
Not relevant, the people not-being-trusted are the operators of the
shortener site.
Post by Mark Goodge
You can use the preview version of the link, or use incognito mode on your
browser to view it, both of which will minimise the risk of something
untoward appearing in your browsing history,
Again, that's the wrong risk.
Post by Mark Goodge
or use a VPN if you are concerned about leaking data to the short URL
provider or the operator of the site that it links to. And if you don't
trust even those precautions,
The precautions you mention are against other risks, not the data leak.
Post by Mark Goodge
then simply don't use the link.
But people don't generally know that, so they shouldn't be tempted.
--
Roland Perry
Mark Goodge
2025-01-08 11:20:20 UTC
Reply
Permalink
Post by Roland Perry
Post by Mark Goodge
But there are ways to mitigate that risk, if you really don't trust the
person who provided it.
Not relevant, the people not-being-trusted are the operators of the
shortener site.
What evidence do you have that the operators of, for example, TinyURL are
less trustworthy than website operators in general?

After all, every website operator gets a certain amount of your data every
time you use them, even if it's just your IP address, browser UA and the
pages on their site that you've visited. Websites which provide a search,
directory or redirection service get a little bit more, including the search
terms you've used and the links that you've followed. But that's an
unavoidable consequence of the service being used.

If you won't use TinyYRL because you don't want TinyURL to know which links
you've visited, then neither can you use Google, Bing or DuckDuckGo, for
exactly the same reason. But if your web usage is restricted entirely to
manually typing or copying and pasting links rather than following them from
a different site then your web usage is also going to be somewhat limited.
Most people put functionality above that level of privacy paranoia.

Mark
Roland Perry
2025-01-08 11:36:05 UTC
Reply
Permalink
Post by Mark Goodge
Post by Roland Perry
Post by Mark Goodge
But there are ways to mitigate that risk, if you really don't trust the
person who provided it.
Not relevant, the people not-being-trusted are the operators of the
shortener site.
What evidence do you have that the operators of, for example, TinyURL are
less trustworthy than website operators in general?
I have no evidence either way, other than *something* is their revenue
stream, and for free service it's the user's data which provides that.
Post by Mark Goodge
After all, every website operator gets a certain amount of your data every
time you use them, even if it's just your IP address, browser UA and the
pages on their site that you've visited.
But that's just one isolated site, not a url shortener which has much
more reach.
Post by Mark Goodge
Websites which provide a search, directory or redirection service get a
little bit more, including the search terms you've used and the links
that you've followed. But that's an unavoidable consequence of the
service being used.
If you won't use TinyYRL because you don't want TinyURL to know which links
you've visited, then neither can you use Google, Bing or DuckDuckGo, for
exactly the same reason.
No, they are quite different forms of risk. I'm very surprised you don't
realise that.
Post by Mark Goodge
But if your web usage is restricted entirely to
manually typing or copying and pasting links rather than following them from
a different site then your web usage is also going to be somewhat limited.
False dichotomy.
Post by Mark Goodge
Most people put functionality above that level of
Which of course your namesake at Facebook makes billions out of.
Post by Mark Goodge
privacy paranoia.
No, they really are out to get you.
--
Roland Perry
Martin Harran
2025-01-08 17:57:12 UTC
Reply
Permalink
Post by Roland Perry
Post by Mark Goodge
Post by Roger Hayter
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
Post by Martin Harran
Post by Roland Perry
I won't use url shorteners because of the privacy aspects, and I know
some people are concerned and so they'll religiously never click on them
I believe that choice should be theirs, not mine.
Unfortunately, it's rarely an informed choice, so as a one-time
advisor on Internet privacy issues, I don't tempt them to make
the wrong decision.
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
But then, of course, we all know that if you have nothing to hide then you
have nothing to fear!
Well, in this particular case I don't think there's any significant
difference between posting a URL on Usenet that tells everyone you've
visited it and giving that same information to a URL shortening service. So
the OP doesn't, actually, have anything to fear!
Do keep up!
Post by Mark Goodge
There is a potential risk, not to the provider of the link, but to the
person who clicks on it,
Precisely.
Post by Mark Goodge
if the short link redirects somewhere undesirable rather than leading
to the same location as the full URL.
No, because it hoovers up the information he's visited that site.
Post by Mark Goodge
But there are ways to mitigate that risk, if you really don't trust the
person who provided it.
Not relevant, the people not-being-trusted are the operators of the
shortener site.
Post by Mark Goodge
You can use the preview version of the link, or use incognito mode on your
browser to view it, both of which will minimise the risk of something
untoward appearing in your browsing history,
Again, that's the wrong risk.
Post by Mark Goodge
or use a VPN if you are concerned about leaking data to the short URL
provider or the operator of the site that it links to. And if you don't
trust even those precautions,
The precautions you mention are against other risks, not the data leak.
Post by Mark Goodge
then simply don't use the link.
But people don't generally know that, so they shouldn't be tempted.
Long live the nanny state!
Spike
2025-01-07 11:18:55 UTC
Reply
Permalink
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.

For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
--
Spike
Roland Perry
2025-01-07 18:58:55 UTC
Reply
Permalink
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
--
Roland Perry
Spike
2025-01-07 19:27:27 UTC
Reply
Permalink
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
I guess it would be hard for the shortner site *not* to know what one is
looking at, otherwise they wouldn’t have anything to shorten.
--
Spike
Roland Perry
2025-01-08 07:48:25 UTC
Reply
Permalink
Post by Spike
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
I guess it would be hard for the shortner site *not* to know what one is
looking at, otherwise they wouldn’t have anything to shorten.
Obviously, but what people dismiss rather airily is the fact that the
shortener site is able to build up a profile of what sites you visit,
and conversely a picture of what sort of people visit the site whose
shortened link has been published.
--
Roland Perry
Spike
2025-01-08 09:29:33 UTC
Reply
Permalink
Post by Roland Perry
Post by Spike
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
I guess it would be hard for the shortner site *not* to know what one is
looking at, otherwise they wouldn’t have anything to shorten.
Obviously, but what people dismiss rather airily is the fact that the
shortener site is able to build up a profile of what sites you visit,
and conversely a picture of what sort of people visit the site whose
shortened link has been published.
I don’t mean to be rude or offensive, but you seem to have concerns about
privacy. Yet, if one looked over your last 1000 posts to this group, that
would certainly ‘build a picture’ of you. So, what is it that you want to
avoid?
--
Spike
Roland Perry
2025-01-08 11:38:17 UTC
Reply
Permalink
Post by Spike
Post by Roland Perry
Post by Spike
Post by Roland Perry
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
I guess it would be hard for the shortner site *not* to know what one is
looking at, otherwise they wouldn’t have anything to shorten.
Obviously, but what people dismiss rather airily is the fact that the
shortener site is able to build up a profile of what sites you visit,
and conversely a picture of what sort of people visit the site whose
shortened link has been published.
I don’t mean to be rude or offensive, but you seem to have concerns about
privacy. Yet, if one looked over your last 1000 posts to this group, that
would certainly ‘build a picture’ of you. So, what is it that you want to
avoid?
Quite different pictures. And one I control, the other I don't.
--
Roland Perry
Roger Hayter
2025-01-07 22:04:52 UTC
Reply
Permalink
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
Your ISP already knows anyway.
--
Roger Hayter
Owen Rees
2025-01-07 23:10:33 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data from it
after performing a search, so I’m not sure what ‘leaking’ might be taking
place. However, you appear to have expertise in this area which could
usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
Your ISP already knows anyway.
You have a relationship with your ISP and they are doing business in the
jurisdiction you are in. There are legal obligations in how they handle any
data they hold about you.

I have no idea who operates the various link shortening sites. I may be
able to find out but, unlike my ISP, I am not starting out with a
reasonable assumption that there is at least in theory some legal recourse
should they misuse any information they hold about me.
Roland Perry
2025-01-08 07:49:06 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Spike
[…]
Post by Roland Perry
Post by Martin Harran
I'd think that what is left of Usenet users nowadays are a lot more
savvy about the Internet than the general population.
Clearly not, when they pepper their postings with data-leaking shortened
urls.
It might expand the discussion and inform people if you elaborated on the
data-leaking aspect of using shortened URLs.
For example, I use Startpage as a general search engine, which has a
‘Private’ browsing facility. Additionally, I delete all web data
from it after performing a search, so I’m not sure what
‘leaking’ might be taking place. However, you appear to have
expertise in this area which could usefully be shared to everyone’s benefit.
When you click on a shortened link, the shortener site knows who you
are, and what you are looking at. That's a data leak.
Your ISP already knows anyway.
They are regulated under UK law.
--
Roland Perry
Roland Perry
2025-01-06 10:17:38 UTC
Reply
Permalink
Post by Andy Burns
Post by Spike
In order to avoid situations in which urls in posts become broken, it would
be helpful to put such links between the characters < and > as in the
Chevrons by themselves are no guarantee, the sender needs a client that
doesn't insert line-breaks in the wrong places ...
Strictly speaking, the recipient needs a client which ignores white
space in urls, which is what the rfcs specify. But it does no harm for
senders to try not to insert avoidable white space.
--
Roland Perry
Pamela
2025-01-06 11:21:25 UTC
Reply
Permalink
Post by Spike
In order to avoid situations in which urls in posts become broken, it
would be helpful to put such links between the characters < and > as
<https://mil.in.ua/en/news/the-defense-intelligence-of-ukraine-eliminat
ed-the-chief-of-staff-of-the-storm-ossetia-battalion/>
Another method might be to use the services of a url-shortening web
site such as tinyurl.com (other such sites are available).
The above link becomes <https://tinyurl.com/4h8yjwev> which might
stand a better chance of not becoming mangled.
Note that prepending ‘preview’ (without the quotes) to the tinyurl
link (to give preview.tinyurl.com/whateverwasthereoriginally) will
https://preview.tinyurl.com/4h8yjwev

gives the link original quoted.
HTH
As we're discussing usability of messages, my newsreader doesn't handle
UTF-8 which means I get strange characters appearing in the message
text. For example, your message is in UTF-8 and I see these characters.

Sometimes this problem will also appear in the Subject.

UTF-7 would make these messages more legible.

There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.

Message-ID: <***@4ax.com>
Andy Burns
2025-01-06 12:09:28 UTC
Reply
Permalink
my newsreader doesn't handle UTF-8
Is 30 years too soon?
which means I get strange characters appearing in the message
text. For example, your message is in UTF-8 and I see these characters.
Sometimes this problem will also appear in the Subject.
Any header field, really
UTF-7 would make these messages more legible.
Except UTF-7 is obsolete and you'll get complaints of e.g. pound symbols
turning into +AKM-
Roger Hayter
2025-01-06 13:11:14 UTC
Reply
Permalink
Post by Andy Burns
my newsreader doesn't handle UTF-8
Is 30 years too soon?
which means I get strange characters appearing in the message
text. For example, your message is in UTF-8 and I see these characters.
Sometimes this problem will also appear in the Subject.
Any header field, really
UTF-7 would make these messages more legible.
Except UTF-7 is obsolete and you'll get complaints of e.g. pound symbols
turning into +AKM-
I don't think Usenet ever required servers to cope with anything else?
--
Roger Hayter
Jon Ribbens
2025-01-06 13:40:54 UTC
Reply
Permalink
Post by Roger Hayter
Post by Andy Burns
my newsreader doesn't handle UTF-8
Is 30 years too soon?
which means I get strange characters appearing in the message
text. For example, your message is in UTF-8 and I see these characters.
Sometimes this problem will also appear in the Subject.
Any header field, really
UTF-7 would make these messages more legible.
Except UTF-7 is obsolete and you'll get complaints of e.g. pound symbols
turning into +AKM-
I don't think Usenet ever required servers to cope with anything else?
For over 15 years Usenet has been required to be 8-bit clean (RFC 5537)
and support MIME encodings and character set information (RFC 5536).
Pamela
2025-01-07 14:42:29 UTC
Reply
Permalink
Post by Andy Burns
my newsreader doesn't handle UTF-8
Is 30 years too soon?
which means I get strange characters appearing in the message text.
For example, your message is in UTF-8 and I see these characters.
Sometimes this problem will also appear in the Subject.
Any header field, really
UTF-7 would make these messages more legible.
Except UTF-7 is obsolete and you'll get complaints of e.g. pound
symbols turning into +AKM-
My newsreader, like so many others, is no longer being upgraded.

UTF-7's character set contains everything required for messages here.
Fancier character sets are not needed.
Spike
2025-01-06 11:56:29 UTC
Reply
Permalink
Post by Pamela
Post by Spike
In order to avoid situations in which urls in posts become broken, it
would be helpful to put such links between the characters < and > as
<https://mil.in.ua/en/news/the-defense-intelligence-of-ukraine-eliminat
ed-the-chief-of-staff-of-the-storm-ossetia-battalion/>
Another method might be to use the services of a url-shortening web
site such as tinyurl.com (other such sites are available).
The above link becomes <https://tinyurl.com/4h8yjwev> which might
stand a better chance of not becoming mangled.
Note that prepending ‘preview’ (without the quotes) to the tinyurl
link (to give preview.tinyurl.com/whateverwasthereoriginally) will
https://preview.tinyurl.com/4h8yjwev
…gives the link original quoted.
HTH
As we're discussing usability of messages, my newsreader doesn't handle
UTF-8 which means I get strange characters appearing in the message
text. For example, your message is in UTF-8 and I see these characters.
Sometimes this problem will also appear in the Subject.
UTF-7 would make these messages more legible.
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
--
Spike
Pamela
2025-01-07 14:43:15 UTC
Reply
Permalink
Post by Pamela
Post by Spike
In order to avoid situations in which urls in posts become broken,
it would be helpful to put such links between the characters < and >
<https://mil.in.ua/en/news/the-defense-intelligence-of-
ukraine-eliminated-the-chief-of-staff-of-the-storm-ossetia-
battalion/>
Another method might be to use the services of a url-shortening web
site such as tinyurl.com (other such sites are available).
The above link becomes <https://tinyurl.com/4h8yjwev> which might
stand a better chance of not becoming mangled.
Note that prepending ‘preview’ (without the quotes) to the
tinyurl link (to give
preview.tinyurl.com/whateverwasthereoriginally) will return the
https://preview.tinyurl.com/4h8yjwev

gives the link original quoted.
HTH
As we're discussing usability of messages, my newsreader doesn't
handle UTF-8 which means I get strange characters appearing in the
message text. For example, your message is in UTF-8 and I see these
characters.
Sometimes this problem will also appear in the Subject.
UTF-7 would make these messages more legible.
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm
 NewsTap won’t search on message-ID, can you narrow down
Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
Spike
2025-01-07 15:40:53 UTC
Reply
Permalink
[…]
Post by Pamela
Post by Spike
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023…
--
Spike
Pamela
2025-01-07 22:05:32 UTC
Reply
Permalink
[
]
Post by Pamela
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm
 NewsTap won’t search on message-ID, can you narrow down
Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023

It says:

"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
Spike
2025-01-08 09:20:59 UTC
Reply
Permalink
Post by Pamela
Post by Spike
[…]
Post by Pamela
Post by Spike
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023…
"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
Thanks.

I checked the settings, and UTF-7 isn’t available on my current and
up-to-date phone. There are about 40 alternative character sets, would any
of them be more suitable?
--
Spike
Jon Ribbens
2025-01-08 13:13:36 UTC
Reply
Permalink
Post by Spike
Post by Pamela
Post by Spike
[…]
Post by Pamela
Post by Spike
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023…
"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
Thanks.
I checked the settings, and UTF-7 isn’t available on my current and
up-to-date phone. There are about 40 alternative character sets, would any
of them be more suitable?
The only suitable character sets for posting to Usenet are ASCII
(which will work everywhere but implies no "special" characters,
forbidding even pound signs, angled quote marks, etc), and UTF-8.
Spike
2025-01-08 13:42:02 UTC
Reply
Permalink
Post by Jon Ribbens
Post by Spike
Post by Pamela
Post by Spike
[…]
Post by Pamela
Post by Spike
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023…
"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
Thanks.
I checked the settings, and UTF-7 isn’t available on my current and
up-to-date phone. There are about 40 alternative character sets, would any
of them be more suitable?
The only suitable character sets for posting to Usenet are ASCII
(which will work everywhere but implies no "special" characters,
forbidding even pound signs, angled quote marks, etc), and UTF-8.
No ASCII in the character sets here, so UTF-8 it is…
--
Spike
Pamela
2025-01-08 14:55:03 UTC
Reply
Permalink
Post by Jon Ribbens
Post by Spike
Post by Pamela
Post by Pamela
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats
mentioned in Mike Goodge's post below last January.
Hmm
 NewsTap won’t search on message-ID, can you narrow down
Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023

"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
Thanks.
I checked the settings, and UTF-7 isn’t available on my current and
up-to-date phone. There are about 40 alternative character sets,
would any of them be more suitable?
The only suitable character sets for posting to Usenet are ASCII
(which will work everywhere but implies no "special" characters,
forbidding even pound signs, angled quote marks, etc), and UTF-8.
I'm aware UTF-7 contains a few characters which clash with those used on
the wider Internet (such as the plus symbol and the forward slash).
However it seems perfectly suitable for Usenet messages.

In general, UTF-7 may may not be as useful as UTF-8 but that isn't the
issue here. Using UTF-7 gives greater backward compatibility than
UTF-8, as I know with my newsreader.
Martin Harran
2025-01-08 17:59:46 UTC
Reply
Permalink
On Tue, 07 Jan 2025 22:05:32 GMT, Pamela
Post by Pamela
Post by Spike
[…]
Post by Pamela
Post by Spike
Post by Pamela
There's a separate UTF-8 issue regarding gathering stats mentioned in
Mike Goodge's post below last January.
Hmm… NewsTap won’t search on message-ID, can you narrow down Goodge’s post?
Try: http://al.howardknight.net/?ID=173619398000
That tells me that Mark Goodge made 1170 posts in 2023…
"The software doesn't decode UTF8, this is a known bug that is still
awaiting the tuit supply to be topped up but, in the meantime, will
affect the stats."
When I click on it, it says:

"al.howardknight.net doesn’t support a secure connection"
Andy Burns
2025-01-08 18:05:14 UTC
Reply
Permalink
Post by Martin Harran
"al.howardknight.net doesn’t support a secure connection"
Did you alter the http:// to https:// or did your browser do it by itself?
Martin Harran
2025-01-09 08:43:33 UTC
Reply
Permalink
Post by Andy Burns
Post by Martin Harran
"al.howardknight.net doesn’t support a secure connection"
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without a
valid SSL cert. This feature can be disabled in settings or using a
browser extension at the user's own risk.
Andy Burns
2025-01-09 09:35:29 UTC
Reply
Permalink
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without a
valid SSL cert.
Obviously a http:// site can't have a certificate.
Post by Martin Harran
This feature can be disabled in settings or using a
browser extension at the user's own risk.
Chrome isn't my default browser (so I have to paste the link, rather
than click it) but it does as it's told and goes to the http:// site,
and loads it with no mention of certificates or secure connection.
Martin Harran
2025-01-09 10:41:26 UTC
Reply
Permalink
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without a
valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.

In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.

[1] I know that SSL does not eliminate the risks but it does reduce
them.
Post by Andy Burns
Post by Martin Harran
This feature can be disabled in settings or using a
browser extension at the user's own risk.
Chrome isn't my default browser (so I have to paste the link, rather
than click it) but it does as it's told and goes to the http:// site,
and loads it with no mention of certificates or secure connection.
Max Demian
2025-01-09 10:57:41 UTC
Reply
Permalink
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
--
Max Demian
Roland Perry
2025-01-09 11:54:08 UTC
Reply
Permalink
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
--
Roland Perry
Spike
2025-01-09 14:28:25 UTC
Reply
Permalink
[…]
Post by Roland Perry
Post by Max Demian
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
Isn’t that an argumentum ad populem?
--
Spike
Roland Perry
2025-01-10 09:09:57 UTC
Reply
Permalink
Post by Spike
[…]
Post by Roland Perry
Post by Max Demian
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
Isn’t that an argumentum ad populem?
No, because it isn't false that those things are private information.
--
Roland Perry
Spike
2025-01-10 11:16:08 UTC
Reply
Permalink
Post by Roland Perry
Post by Spike
Post by Roland Perry
Post by Max Demian
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
Isn’t that an argumentum ad populem?
No, because it isn't false that those things are private information.
“In argumentation theory, an argumentum ad populum (Latin for 'appeal to
the people') is a fallacious argument which is based on claiming a truth or
affirming something is good or correct because many people think so.”

‘I can find plenty of people who do’ would seem to fulfil the requirements
of such an argument.
--
Spike
Roland Perry
2025-01-10 17:57:53 UTC
Reply
Permalink
Post by Spike
Post by Roland Perry
Post by Spike
Post by Roland Perry
Post by Max Demian
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
Isn’t that an argumentum ad populem?
No, because it isn't false that those things are private information.
“In argumentation theory, an argumentum ad populum (Latin for 'appeal to
the people') is a fallacious argument which is based on claiming a truth or
affirming something is good or correct because many people think so.”
‘I can find plenty of people who do’ would seem to fulfil the requirements
of such an argument.
OK, lots of people think the world is round (not flat). Does that
qualify?
--
Roland Perry
Max Demian
2025-01-09 18:06:31 UTC
Reply
Permalink
Post by Roland Perry
Post by Max Demian
 In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates,  I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
The websites don't get my "identity" in any reasonable sense of the word.
--
Max Demian
Mark Goodge
2025-01-09 22:14:08 UTC
Reply
Permalink
Post by Max Demian
Post by Roland Perry
Post by Max Demian
 In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates,  I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
The websites don't get my "identity" in any reasonable sense of the word.
The main reason why the browser gives an error when you visit an insecure
site is that the browser has no way of knowing what data may be being
transmitted to and from the site. So it's taking the safe option and warning
you every time. You are, of course, free to disregard the warning if you
want to.

More generally, given that there are precisely zero circumstances in which
using https will make things worse for the user, but many circumstances in
which it will make things better, using https by default can never be the
wrong choice.

Mark
Max Demian
2025-01-10 18:16:07 UTC
Reply
Permalink
Post by Mark Goodge
Post by Max Demian
Post by Roland Perry
Post by Max Demian
 In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates,  I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
The websites don't get my "identity" in any reasonable sense of the word.
The main reason why the browser gives an error when you visit an insecure
site is that the browser has no way of knowing what data may be being
transmitted to and from the site. So it's taking the safe option and warning
you every time. You are, of course, free to disregard the warning if you
want to.
More generally, given that there are precisely zero circumstances in which
using https will make things worse for the user, but many circumstances in
which it will make things better, using https by default can never be the
wrong choice.
I can't choose whether a website I want to access uses http or https.
It's up to the website operator.

It isn't obvious (or easy) to give me a simple choice whether I want to
"risk it".
--
Max Demian
Roger Hayter
2025-01-10 18:50:35 UTC
Reply
Permalink
Post by Max Demian
Post by Mark Goodge
Post by Max Demian
Post by Roland Perry
Post by Max Demian
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard those
as "private information", I can find plenty of people who do.
The websites don't get my "identity" in any reasonable sense of the word.
The main reason why the browser gives an error when you visit an insecure
site is that the browser has no way of knowing what data may be being
transmitted to and from the site. So it's taking the safe option and warning
you every time. You are, of course, free to disregard the warning if you
want to.
More generally, given that there are precisely zero circumstances in which
using https will make things worse for the user, but many circumstances in
which it will make things better, using https by default can never be the
wrong choice.
I can't choose whether a website I want to access uses http or https.
It's up to the website operator.
It isn't obvious (or easy) to give me a simple choice whether I want to
"risk it".
It is actually your browser that makes that choice for you, and refuses to be
overruled, in those cases where the website offers either.
--
Roger Hayter
Roland Perry
2025-01-10 09:10:20 UTC
Reply
Permalink
Post by Max Demian
Post by Roland Perry
Post by Max Demian
 In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates,  I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information
either to or from, and it's a nuisance if the browser whinges.
Only your identity and the fact you visited. If you don't regard
those as "private information", I can find plenty of people who do.
The websites don't get my "identity" in any reasonable sense of the word.
Dream on.
--
Roland Perry
Martin Harran
2025-01-09 13:34:35 UTC
Reply
Permalink
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Without SSL, how do you know it is the site you think it is and not a
redirected copy?
Roger Hayter
2025-01-09 13:43:11 UTC
Reply
Permalink
Post by Martin Harran
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Without SSL, how do you know it is the site you think it is and not a
redirected copy?
In this case, provided the redirected site gives you the message you want it
may not matter.
--
Roger Hayter
Martin Harran
2025-01-09 17:47:31 UTC
Reply
Permalink
Post by Roger Hayter
Post by Martin Harran
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Without SSL, how do you know it is the site you think it is and not a
redirected copy?
In this case, provided the redirected site gives you the message you want it
may not matter.
If it contains malware, it might matter quite a bit.
Roger Hayter
2025-01-09 18:11:03 UTC
Reply
Permalink
Post by Martin Harran
Post by Roger Hayter
Post by Martin Harran
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Without SSL, how do you know it is the site you think it is and not a
redirected copy?
In this case, provided the redirected site gives you the message you want it
may not matter.
If it contains malware, it might matter quite a bit.
Can sites install malware without you volunteering to download anything? If so
it applies equally to any site you visit, whether you know the correct domain
name or not.
--
Roger Hayter
Roland Perry
2025-01-10 09:11:38 UTC
Reply
Permalink
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
--
Roland Perry
Roger Hayter
2025-01-10 14:35:33 UTC
Reply
Permalink
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
--
Roger Hayter
Jon Ribbens
2025-01-10 17:05:54 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
Roland Perry
2025-01-10 18:03:06 UTC
Reply
Permalink
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
Perhaps you should have a word with the authors of:

en.wikipedia.org/Drive-by_download
--
Roland Perry
Roger Hayter
2025-01-10 18:58:04 UTC
Reply
Permalink
Post by Roland Perry
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
en.wikipedia.org/Drive-by_download
Which says that relies on either unwise actions by the user or vulnerabilities
in the browser or operating system. It suggests that if everything is working
properly and you don't click on things it can't happen.
--
Roger Hayter
Jon Ribbens
2025-01-10 19:55:27 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random
clickbait around? Surely it is something browsers could and should
prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
en.wikipedia.org/Drive-by_download
Which says that relies on either unwise actions by the user or
vulnerabilities in the browser or operating system. It suggests that
if everything is working properly and you don't click on things it
can't happen.
Exactly, the article backs up me rather than Roland.
Roland Perry
2025-01-11 09:26:13 UTC
Reply
Permalink
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random
clickbait around? Surely it is something browsers could and should
prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
en.wikipedia.org/Drive-by_download
Which says that relies on either unwise actions by the user or
vulnerabilities in the browser or operating system. It suggests that
if everything is working properly and you don't click on things it
can't happen.
Exactly, the article backs up me rather than Roland.
On the contrary, it describes various mechanisms which require no action
by the user.
--
Roland Perry
Roland Perry
2025-01-11 09:22:37 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
en.wikipedia.org/Drive-by_download
Which says that relies on either unwise actions by the user or vulnerabilities
in the browser or operating system. It suggests that if everything is working
properly and you don't click on things it can't happen.
Vulnerabilities are inevitable, and as it says the user isn't involved
in triggering them. So unless you can nominate a browser which
"properly" bounces all such attempts (there isn't one) then we are back
to having to use third party anti-malware.
--
Roland Perry
Roger Hayter
2025-01-10 18:52:52 UTC
Reply
Permalink
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
Unfortunately it is easy to insert a button which says it is doing one thing
but in fact does another. Is this a feasible to trick people into downloading
executable software to a dangerous place merely by doing this?
--
Roger Hayter
Jon Ribbens
2025-01-10 19:49:24 UTC
Reply
Permalink
Post by Roger Hayter
Post by Jon Ribbens
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random
clickbait around? Surely it is something browsers could and should
prevent?
It is not in fact possible for web sites to do that, in general.
If it was then, as you say, it would happen extremely frequently.
I would imagine most occurrences of such a thing happening are
either people with very old browsers, or people who are tricked
into voluntarily installing software.
Unfortunately it is easy to insert a button which says it is doing one
thing but in fact does another. Is this a feasible to trick people
into downloading executable software to a dangerous place merely by
doing this?
Obviously a site can have a button that says "look at lovely pictures
of kittens" but in fact when clicked on tries to download a virus, but
it shouldn't be possible for it to actually succeed without the browser
giving a specific, clear, warning message that has to be explicitly
confirmed.

On the other hand if the button says "download a program to enable you
to watch lovely videos of kittens" and the user therefore deliberately
clicks "yes" to the browser's warning then all bets are off.
Martin Brown
2025-01-10 17:51:27 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Just being physically connected to the internet can be enough if you
don't have decent firewall protection. Some routers themselves are not
fit for purpose and can be quite easily attacked by malware.

This is an example from last year and a decent manufacturer but it was
still a serious vulnerability according to this source:

https://www.cyfirma.com/research/comprehensive-analysis-of-cve-2024-21833-vulnerability-in-tp-link-routers-threat-landscape-exploitation-risks-and-mitigation-strategies/

Cyber security firms always play up the risks and hardware/software
vendors downplay them. The truth is usually somewhere in between.
Post by Roger Hayter
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
In an ideal world yes they should.

Sandboxes and virtual machine tricks can help to avoid malware but a
zero day exploit can cut through anything if the fault is deep enough.

That is one way that state intelligence services install spyware...
--
Martin Brown
Roland Perry
2025-01-10 18:00:01 UTC
Reply
Permalink
Post by Roger Hayter
Post by Roland Perry
Post by Roger Hayter
Can sites install malware without you volunteering to download anything?
On that narrow point, yes. It's called "drive-by malware".
Then why is that not much more common, given the amount of random clickbait
around? Surely it is something browsers could and should prevent?
There are various schemes in place to try to alleviate it, but people
still "get their computers hacked" probably by drive-by malware.

Browsers are insufficiently good at detecting it, there's a significant
market for anti-malware sofware.
--
Roland Perry
Max Demian
2025-01-09 18:08:41 UTC
Reply
Permalink
Post by Roger Hayter
Post by Martin Harran
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
Without SSL, how do you know it is the site you think it is and not a
redirected copy?
In this case, provided the redirected site gives you the message you want it
may not matter.
Exactly. It's just a website. Even with SSL, it might provide wrong
information.
--
Max Demian
Jethro_uk
2025-01-09 13:49:23 UTC
Reply
Permalink
Post by Max Demian
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find it
hard to understand why the publisher of any site should not use SSL.
Most of the sites I visit don't involve any private information either
to or from, and it's a nuisance if the browser whinges.
I have a lot of intranet sites that I CBA to setup SSL for.
Andy Burns
2025-01-09 11:01:04 UTC
Reply
Permalink
Post by Martin Harran
Post by Andy Burns
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
Your initial reply seemed to me as though you were saying chrome didn't
load the page at all, for me I didn't get any security message displayed
at all, just get a small "lozenge" in the address bar similar to the old
broken padlock, which if I click does give a message ... I know the bar
is low for certificates now, but for a site with no login and where all
content was scraped from public usenet, I don't find SSL necessary
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
Peter Walker
2025-01-09 11:16:55 UTC
Reply
Permalink
Post by Martin Harran
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without
a valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
You can turn this off (in Chrome) at:

Safe Browsing > Advanced > Always use secure connections
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
[1] I know that SSL does not eliminate the risks but it does reduce
them.
Why should a creator of benign content feel the need to pay extra to host
a secure site (as many hosting companies do charge extra for this
privilege)?
Martin Harran
2025-01-09 13:41:28 UTC
Reply
Permalink
Post by Peter Walker
Post by Martin Harran
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without
a valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
Safe Browsing > Advanced > Always use secure connections
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
[1] I know that SSL does not eliminate the risks but it does reduce
them.
Why should a creator of benign content feel the need to pay extra to host
a secure site
To minimise the risk of somebody setting up a false copy of it for
redirection.
Post by Peter Walker
(as many hosting companies do charge extra for this
privilege)?
Where they do charge, it's usually miniscule [1] compare to the cost
of developing and hosting a site let alone the potential cost if
someone does hack it (in terms of impact on reputation, not direct
liabilities).

[1] Can also be done free. I use letsencrypt on my personal sites;
works fine.
Roger Hayter
2025-01-09 13:52:41 UTC
Reply
Permalink
Post by Martin Harran
Post by Peter Walker
Post by Martin Harran
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without
a valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
Safe Browsing > Advanced > Always use secure connections
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
[1] I know that SSL does not eliminate the risks but it does reduce
them.
Why should a creator of benign content feel the need to pay extra to host
a secure site
To minimise the risk of somebody setting up a false copy of it for
redirection.
Post by Peter Walker
(as many hosting companies do charge extra for this
privilege)?
Where they do charge, it's usually miniscule [1] compare to the cost
of developing and hosting a site let alone the potential cost if
someone does hack it (in terms of impact on reputation, not direct
liabilities).
[1] Can also be done free. I use letsencrypt on my personal sites;
works fine.
That is only free if you discount your time setting it up.
--
Roger Hayter
Jethro_uk
2025-01-09 14:13:01 UTC
Reply
Permalink
Post by Roger Hayter
Post by Martin Harran
Post by Peter Walker
Post by Martin Harran
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without
a valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
Safe Browsing > Advanced > Always use secure connections
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find
it hard to understand why the publisher of any site should not use
SSL.
[1] I know that SSL does not eliminate the risks but it does reduce
them.
Why should a creator of benign content feel the need to pay extra to
host a secure site
To minimise the risk of somebody setting up a false copy of it for
redirection.
Post by Peter Walker
(as many hosting companies do charge extra for this
privilege)?
Where they do charge, it's usually miniscule [1] compare to the cost of
developing and hosting a site let alone the potential cost if someone
does hack it (in terms of impact on reputation, not direct
liabilities).
[1] Can also be done free. I use letsencrypt on my personal sites;
works fine.
That is only free if you discount your time setting it up.
The same is true of anything, really.

Letsencrypt does take a little handling. Especially if you want to
seamlessly auto renew domains.
Jethro_uk
2025-01-09 13:51:29 UTC
Reply
Permalink
Post by Peter Walker
Post by Martin Harran
Post by Andy Burns
Post by Martin Harran
Post by Andy Burns
Did you alter the http:// to https:// or did your browser do it by itself?
Neither. Chrome by default throws up a warning on all sites without a
valid SSL cert.
Obviously a http:// site can't have a certificate.
Which is why Chrome throws up a warning for every site that can't be
switched to https.
Safe Browsing > Advanced > Always use secure connections
Post by Martin Harran
In todays' Internet world with so many bad actors about [1] and with
the availability of low cost and even free SSL certificates, I find it
hard to understand why the publisher of any site should not use SSL.
[1] I know that SSL does not eliminate the risks but it does reduce
them.
Why should a creator of benign content feel the need to pay extra to
host a secure site (as many hosting companies do charge extra for this
privilege)?
Or someone using a site on their own intranet:

Webmin (several machines)
HomeAssistant
Get_iplayer
Deluge
MiniDLNA
Andy Burns
2025-01-10 10:19:56 UTC
Reply
Permalink
Post by Jethro_uk
Post by Peter Walker
Why should a creator of benign content feel the need to pay extra to
host a secure site
Webmin (several machines)
In the case of Howard's article lookup, he runs the public site on port
80 and his hosting company runs the Plesk admin console for the VPS on
port 443, maybe he'd need to pay extra to run the site on a public IP
port 443?
Roger Hayter
2025-01-10 12:28:57 UTC
Reply
Permalink
Post by Andy Burns
Post by Jethro_uk
Post by Peter Walker
Why should a creator of benign content feel the need to pay extra to
host a secure site
Webmin (several machines)
In the case of Howard's article lookup, he runs the public site on port
80 and his hosting company runs the Plesk admin console for the VPS on
port 443, maybe he'd need to pay extra to run the site on a public IP
port 443?
Surely it's been easy to run virtual https websites on the same IP address for
a decade or two? It seems to be quite a long time since Apache couldn't do
this.
--
Roger Hayter
Andy Burns
2025-01-10 14:22:36 UTC
Reply
Permalink
Post by Roger Hayter
Post by Andy Burns
In the case of Howard's article lookup, he runs the public site on port
80 and his hosting company runs the Plesk admin console for the VPS on
port 443, maybe he'd need to pay extra to run the site on a public IP
port 443?
Surely it's been easy to run virtual https websites on the same IP address for
a decade or two? It seems to be quite a long time since Apache couldn't do
this.
If it's your box then yes, but if you're paying a couple of quid a month
for AYCE web hosting, you probably don't get much say in the matter.
Mark Goodge
2025-01-09 22:17:48 UTC
Reply
Permalink
Post by Peter Walker
Why should a creator of benign content feel the need to pay extra to host
a secure site (as many hosting companies do charge extra for this
privilege)?
Practically no hosting provider charges extra for SSL these days. If yours
does, find a better provider. Or proxy the site behind a free Cloudflare
account, which will not only give you SSL but also a caching CDN (and hence
better performance for your website) at precisely zero cost.

Mark
Loading...