Suggestion: All good trackers must use secure ssl certificates!



sovaz
10-24-2007, 09:56 AM
After wat happened with Oink, I think all good trackers should implement Secure Sockets Layer (SSL via HTTPS). It will b more secure coz the login system will b encrypted via their own certificate. RTSv2 has already done tat. Won't it be more secure for users? Is there any negativity with the SSL protocol? Suggestions plz.

Fibre
10-24-2007, 04:50 PM
It encrypts traffic between the user and the server, nothing else.

awoeonip
10-24-2007, 04:58 PM
It encrypts traffic between the user and the server, nothing else.
Exactly. It would still be just as easy for a baddie to sign-up or get an invite and have access to the site.

blackbird
10-24-2007, 05:42 PM
what makes you think an ssl can save a site ?? :blink:

it just makes a site secure from a sniffing attack ..

rvt
10-25-2007, 02:52 AM
As for "negativity", it can cripple your server. SSL requests take a lot more processing than plain text requests.

BTW, I wouldn't take the fact that RTS introduced SSL as any sign of security. They did after all have a leaky database which is something no SSL will protect against.

sovaz
10-26-2007, 11:48 AM
so there is no real point for SSL then...i mean u can still get attacks n leaky database even with SSL.

AugustoP
10-26-2007, 12:02 PM
Actually sites need to do four things:
1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. One-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.

Melvinmeow
10-26-2007, 12:32 PM
Actually sites need to do four things:
1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. One-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.

Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.

Most of the things you mentioned are good points.
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)

The SSL in itself doesn't really do much or protect much. It's kinda pointless other than having the tracker's www running off a different port, which helps when being DDoSed; there isn't much else it really does.


so there is no real point for SSL then...i mean u can still get attacks n leaky database even with SSL.
Exactly.

XS75
10-26-2007, 01:23 PM
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)


Yep, having an encryption higher than 128bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked
But if it were my server I would have 1 key that unlocks and 1 key that destroys the hdd. So basically if it's raided, and you were detained and asked for the key, give em the wrong one ;)

AugustoP
10-26-2007, 01:40 PM
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128 bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)


Yep, having an encryption higher than 128bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked
But if it were my server I would have 1 key that unlocks and 1 key that destroys the hdd. So basically if it's raided, and you were detained and asked for the key, give em the wrong one ;)

AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not to mention technical problems with this scenario.

Here's the article about UK government proposition on encryption http://news.zdnet.co.uk/security/0,1000000189,39269746,00.htm

Melvinmeow
10-26-2007, 01:56 PM
Yep, having an encryption higher than 128bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked
But if it were my server I would have 1 key that unlocks and 1 key that destroys the hdd. So basically if it's raided, and you were detained and asked for the key, give em the wrong one ;)

AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not to mention technical problems with this scenario.

Here's the article about UK government proposition on encryption http://news.zdnet.co.uk/security/0,1000000189,39269746,00.htm

I would just not give up the key.

Since technically they won't guess it...
and you'd probably get more than 2 yrs for giving it... lol
Take the 2 yrs in jail. lmao

AugustoP
10-26-2007, 02:02 PM
AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not to mention technical problems with this scenario.

Here's the article about UK government proposition on encryption http://news.zdnet.co.uk/security/0,1000000189,39269746,00.htm

I would just not give up the key.

Since technically they won't guess it...
and you'd probably get more than 2 yrs for giving it... lol
Take the 2 yrs in jail. lmao

I guess they intend to force people to strike a deal. Help the prosecution to sue all your contacts into jail or get 2 years.