WWW . TEL . COMMUNITY - The .tel domain forum

Welcome to the Tel.community.

You are invited to participate in the growing .tel
community!

To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not yet.

The registration at TelTalk.org is free and easy!

Thank you for participation!
WWW . TEL . COMMUNITY - The .tel domain forum

Welcome to the objective forum for .tel domains! Read it first when anything is happening with .tel!

Please join the LIVE CHAT for all REGISTERED members at the bottom of our forum!

Starting January 2017, all .tel domains won't be secure anymore

Share
avatar
FrankW.
Senior Member
Senior Member

Join date : 2012-10-08
Posts : 282 Points : 10028
Reputation : 134
Warning level : 100 %

Starting January 2017, all .tel domains won't be secure anymore

Post by FrankW. on Wed 21 Sep 2016, 3:47 pm

Google to slap warnings on non-HTTPS sites:

https://nakedsecurity.sophos.com/2016/09/09/google-to-slap-warnings-on-non-https-sites/

.tel domains haven't gotten any development since many years.
Since they don't support HTTPS, they will be flagged as "Not Secure".

whatthetel
Junior Member
Junior Member

Join date : 2016-09-03
Posts : 45 Points : 1956
Reputation : 35
Warning level : 100 %

Re: Starting January 2017, all .tel domains won't be secure anymore

Post by whatthetel on Sat 24 Sep 2016, 9:52 am

The point of a dot tel is to share and transfer data freely, in this usage case https is not needed as there is no need to secure anything on the front end if you use dot tel like this.

The reason why Telnic don't use it is because they're obsessive about "page loading times" (hence the low-quality template's), adding https slows the page loading down and they wanted to market tel as "faster than any other site/service for retrieving contact data".

Though you can have private data, and if you do have private data stored in the dot tel when viewing it you should be in https, but I believe you're redirected to another proxy section / service that renders the contact data in https? http://telfriends.tel/login_input.action ?

The only reason you'd need https to cover the whole proxy is to prevent someone knowing what you did on a tel? if you clicked a link? called a number? as they can still see you visited a dot tel site if you use https, and as there is not much contact data on one someone would have to assume you clicked on something to contact them, so I don't think https would make much difference on a low content site.

However, can https prevent someone changing the contact data as it's in transit to your browser or mobile device? so you dont end up calling an injected premium number when you actually wanted to call someone else?

In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM or MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

The internet says this assumption is wrong,

https://www.linkedin.com/pulse/does-https-prevent-man-middle-attacks-eric-diehl

The only reason we'd need https is to protect google rankings and ensure people visit the dot tel to contact us, as they would be conditioned to avoid non-https by google and other search engines / browsers.

So you're right it should be implemented, as should google, email, or sms 2-factor authentication for the telhosting as these tel domains are supposed to hold important contact data why are the telhosting logins not protected fully from hacks?

    Current date/time is Sun 27 May 2018, 9:56 am