半肾
精华
|
战斗力 鹅
|
回帖 0
注册时间 2016-6-2
|
本帖最后由 Ember 于 2017-7-22 22:31 编辑
一个困难的请愿:请 Valve 启用全站 SSL 加密。
这次我们是认真的。
虽然我们知道全站 SSL 加密会带来什么可能风险。
但从如今的情况看,不加密,我们的个人信息太容易被 ISP 获取了。长远来看这不是个好事。
我有几个论点:
- 如今各种关键字触发商店页面无法访问的情况,是否可以继续?
- Steam 是强制商店与社区页面不使用 HTTPS。改为允许用户选择使用 HTTPS,是否可以?
- 如果你身在国外,是否也想被 ISP 知道你的个人购买能力?
- Steam 本来有一段时间是允许 HTTPS 的,我认为没有技术问题,除了社区页面上的站外 HTTP 内容可能无法显示这点。
 刚看到,真他妈服了
-
阀门还行
First, to "re-enbale" would mean that it was enabled to begin with. Steam has never been a full HTTPS site,
Now:
http://www.seoblog.com/2016/09/risks-entire-site-https/
http://www.seoblog.com/2014/10/w ... https-seo-benefits/
There is little reason to go full HTTPS when most of what a user does is post in a public forum or in public areas. Steam uses HTTPS where needed, such as log-in, shopping cart and payment information so your private information is secure.
I don't see a real reason or benefit to switch to full HTTPS.
As for why not to:
HTTPS does not play well with proxy caches or load balancing and we all know how badly those are needed on Steam, especialy during sales times.
As for one of the issue stated on the OP's twitter:
"So basically @steam_games put me in a position easily trackable and identifiable by my ISP, and whoever controls them."
HTTPS won't prevent your ISP from being able to track you, only prevent them from seeing what is on the page you are posting in.
http://www.pcworld.com/article/3 ... m-tracking-you.html
"What it doesn’t do, however, is stop your ISP from seeing which sites you visit. Only the contents of your communication are protected. So your ISP will know you visited YouTube, but not what you watched while you were there, or the specific pages you visited."
引用自 Socialist Butterfly:
And then the chinese government blocked steam altogether, because https can't stop that. And everyone lived unhappily ever after.
This is another issue. Using full HTTPS, especialy if all sites start doing it, is likely to trigger them to be even harsher with their sysem of control. They can block all sites but the approved versions or require a company that wants to do buisness to have an internal site set up in China so they can actively monitor, despite HTTPS encryption. Chine isn't exactly subtle when it comes to it censorship of the internet and there is little stopping them for doing anything against it.
引用自 Jamesits:
This is definite urgent, when you have an ISP who injects ads in every HTTP page...
That is between you and the ISP as that is how they make money, especialy free ISPs. Blocking those ads is most likely against your terms of service an can lead to termination of the account and being sued for lost revenues by them.
Besides, the ISP that do that often require you run their browser and can still inject ads through that, despite HTTPS.
-----
Please keep in mind that these are my personal views on the matter. I am not for or against the idea, just don't see a reason for it. Valve will come to their own conclusion, if they have not already.
最后由 Spawn of Totoro 编辑于; 28 分钟以前
|
|
楼主: 洗刷刷
沪公网安备 31010702007642号 )
发表于 2017-7-22 17:50
几位指责港台的一样拿不什么方法嘛
反正我这隔一段时间换点问题
