Ufff, another long post!
My thoughts are that SSL should be enabled all places where possible in the modern world, there really is no excuse not to.
Completely agree. Technologies are available for everybody, not using them is not the best idea.
Now I know what you're thinking "But SSL costs money!".
Running a business company include costs, that's how the world is. If you want a company with no costs, don't have a company and problem solved.
Anyway, the cost of implementing SSL/TLS for a company is like the cost of a candy for an employee, or even less. Don't worry, no company will run out of business due to SSL/TLS implementation for a few basic web sites.
Fundamentally, these forums do not need SSL protection, as there should never be any sensitive information which requires that level of protection.
It's your opinion, and I respect it.
IMHO, there are privacy reasons that justify the adoption of encrypted traffic.
I don't know what you call these forums
, but THIS FORUM allows people to interact with others, and interactions tend to make some kind of personal information to be shared: companies that users worked or are working for, computer details, what cars you drive, opinions, experiences, etc. As you can see, a lot of private information.
If what you suggest is that this forum should be about technical support only, then it should include only an interface to make support questions and be answered, nothing else.
Of course the mean reason of using SSL is to prevent goverments monitoring...
Not for everybody. Governments could have data anyway. The main problem, at least in certain countries, could be regular crime.
My experience is that criminals don't listening to the connection
No, they can pay others for that task.
is a generalization that doesn't make much sense, because crime is very diverse, and depends on each country (even zone) and epoch.
In countries with a lot of crime, it would not be a rare case that some criminals, for example, pay ISP network admins for traffic contents that could be useful for them, so posting a simple sentence such as "I own three of these trucks and they are fantastic", in one country means nothing, but in other countries could mean that you are a possible target for kidnapping or assault, because you have more money than a low-salary employee (because trucks are unaffordable for a low-salary employee).
As you can see, it has no relation to government agencies, it is regular crime.
So, saying "how the crime is
" implies that you have researched how it is around the world, and know every detail, because it depends on many factors and is very variated.
Perhaps The Netherlands is a paradise with low crime statistics, so the only concern is governments. I'm sure that regular crime is the main concern in other countries. Some criminals could be very creative.
My concern as a website owner or website administrator is NOT having a SSL connection, but how I can prevent that criminals getting access to the database via database injection.
BOTH (and many others) protections should be implemented, not one or the other.
In the other hand, if you post as user XXX, even if they get the entire database from the forum, they won't know who is XXX (unless you post your personal data).
If traffic is captured for other people that know who the traffic belongs to (such as ISPs, or any organization that knows about you that is in the middle of your traffic), the problem is concrete, is real. No more, XXX, they know your name, and possibly more personal data. That is when traffic encryption becomes a must.
I can't stand people who completely freaked out if the connection is not a SSL because they affraid their privacy, but meanwhile everything posting at Facebook etc.
I care about my privacy, and don't make public everything at Facebook.
FYI, using generalizations as argument is a formal fallacy, known as Fallacy of Accident
or Fallacy of Sweeping Generalization
. (see here
Don't like how security website is set up delete your account.
It's like saying "don't like how games are, don't buy them".
Supposedly, our feedback could help SCS to improve the games and make them better, as well as our feedback can help SCS to improve their services (in this case, the forum) and make them better.