4

Maybe it's just that they don't understand what they are doing, I don't want to place blame on somebody for doing something unawares. But it is extremely important nowadays to keep an eye out for these kinds of things.

You know who you are. I see what you're up to.


14 comments

[–] E-werd 6 points (+6|-0)

Unless you're submitting info to said sites, this is really a non issue. Using SSL on websites is generally recommended, but not wholly necessary for every situation.

[–] Sarcastaway 1 points (+1|-0)

> Unless you're submitting info to said sites, this is really a non issue.

I might not be a wizard with code, but I know enough about network security to call BS on that. https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https

> not wholly necessary for every situation.

It's never necessary unless a service requires it, but https is a prerequisite for having any vague shot at anonymity online.

[–] E-werd 3 points (+3|-0)

> HTTPS protects the integrity of your website

What that means is that it's sort of like having a friend that says you are who you are. Someone may not trust you, but they trust your friend, so they'll accept you because they trust their friend. That's the extent of it. That's what an SSL certificate does primarily to maintain integrity.

The other thing it does is provide an encryption keypair, together with that trusted certificate, that the client and server can use to communicate. The strength will vary, but this can be done with a self-signed certificate just as well as a certificate from a proper provider. The difference is trusting that you are who you say you are.

> https is a prerequisite for having any vague shot at anonymity online.

This depends how you define it. Are you worried about IP addresses being logged? Because that happens in the web server's access log regardless of HTTP or HTTPS. Other than that, are you concerned about a man in the middle (MITM) attack? HTTPS does help with that, so long as you're not blindly clicking past security warnings.

HTTPS provides security, not anonymity. Proactive steps on your part like using a VPN and, most importantly, not providing identifying information about yourself are the most important part for that. If you must provide said information you want to do that across an encrypted connection, HTTPS, which aids in protecting your sensitive data. Of course, if the people on the other end aren't doing what they should be doing, it's irrelevant anyway--think LinkedIn, Ashley Madison, Equifax, etc. You better believe they used HTTPS, but they left the back door open.

[–] Sarcastaway 0 points (+0|-0)

> This depends how you define it. Are you worried about IP addresses being logged?

Not so much. I can use a VPN or TOR if I want to hide my IP. You can't hide from metadata though.

> not providing identifying information about yourself

This is the real problem I see. Let's say for the sake of argument a mysterious doxer has the access population parameters for the entire planet. Basically the google advertising database.

If they see you click a link about Seattle's opiate-riddled mussels, and another about the best ultralight backpacking gear, it's not a huge stretch to assume that you are probably a resident of the NW USA, probably from Washington, who spends time doing extended hikes. In other words, that narrows you down from one in billions, to one in maybe 25,000 people. And that's just two datapoints. Two or three more, and you can (with high certainty) determine the identity of an anon based on just those clicks, zero text-entry, and zero IP leaks.

I realize access to google is a big if. But if you combine a MitM attack with metadata, I'd wager that a creative hacker with above-average resources could dox just about anyone with social media presence.

[–] KillBill 2 points (+2|-0)

For interest, tell me what these people are up to.

No, I'm not claiming that they are up to anything. I simply have noticed their posting habits. There are two users here who I have confirmed to only post http sites.

[–] Sarcastaway 2 points (+2|-0)

If sidewalker is too kind to speculate, I will. To my knowledge there are three reasons to actively remove an 's' from every link you post.

  1. You have a way of tracking those links, and want to harvest metadata on users of semi-anon social media sites.

  2. You're trying to get people used to clicking links with the "!" icon next to them, so that people will be more likely to click an actual nasty link in the future.

  3. Your bot gets broken by https for some reason, which is why several high-post/low-comment users all stopped posting https links at the same time on multiple websites.

[–] KillBill 0 points (+0|-0)

  1. Well I post links from abc.net.au sometimes and they don't use https. So me using that is not actively removing the S.

  2. If people are clicking on http sites, they either don't care or do care or are too apathetic or stupid to protect themselves from it. Either way, it's on them.

  3. What would be the benefit of running a bot on Phuks?

[–] Sarcastaway 1 points (+1|-0)

> Well I post links from abc.net.au sometimes and they don't use https. So me using that is not actively removing the S.

It's a different story if the site doesn't use https. Many news sites don't, so I don't find that suspicious. On the other hand, I know for a fact that archive.is does use https. Their search engine results all link to https, and I have to actually remove that 's' to get an http page to load.

> If people are clicking on http sites, they either don't care or do care or are too apathetic or stupid to protect themselves from it.

You'll get no argument from me on this one.

> Either way, it's on them.

Some might say it's their duty to educate the stupid, but in essence you're correct. They're on the hook for their own actions.

> What would be the benefit of running a bot on Phuks?

I can only guess at their personal motivation, but a bot like that would generally be useful for posting to multiple sites with a single button-press, or automatically posting from an RSS feed.

Motivations might include advertising one's own work, promoting one's ideology, sliding forums during times of bad PR events, spreading malicious links, or simply because you want to share information you like to all your favorite sites rather than just your little corner of the internet. Your guess is as good as mine.
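An added example, not part of the original thread: a moderation-side check for the pattern discussed above, where a link is posted as http:// even though the site serves HTTPS, while links to sites without HTTPS are left alone. The verified-host set, the sample submissions, the user names and the function names are all constructed assumptions; it also assumes subdomains of a verified host serve HTTPS.

```python
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

# Assumption: hosts a moderator has verified to serve HTTPS. archive.is comes
# from the comment above; example.org is a constructed placeholder.
HTTPS_CAPABLE = {"archive.is", "example.org"}

# Constructed sample submissions (user, url); user names are placeholders.
POSTS = [
    ("user_a", "http://archive.is/abc12"),
    ("user_a", "http://www.example.org/story?id=7"),
    ("user_a", "http://abc.net.au/news/item"),
    ("user_b", "https://archive.is/xyz34"),
    ("user_b", "http://abc.net.au/news/other"),
    ("user_c", "https://example.org/a"),
    ("user_c", "http://example.org:8080/b"),
]

def https_capable(host):
    """True if host, or a parent domain of it, is in the verified set."""
    labels = (host or "").lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in HTTPS_CAPABLE for i in range(len(labels)))

def upgrade(url):
    """Return the https:// form of a needlessly-http URL, else None."""
    p = urlsplit(url)
    if p.scheme != "http" or not https_capable(p.hostname):
        return None
    if p.port not in (None, 80):
        return None  # non-default port: the HTTPS port is unknown, do not guess
    return urlunsplit(("https", p.hostname, p.path, p.query, p.fragment))

def audit(posts):
    """Per user: count of HTTPS-capable links and the ones posted as http://."""
    stats = defaultdict(lambda: {"eligible": 0, "downgraded": []})
    for user, url in posts:
        if not https_capable(urlsplit(url).hostname):
            continue  # site has no HTTPS, so an http:// link is expected
        stats[user]["eligible"] += 1
        fixed = upgrade(url)
        if fixed:
            stats[user]["downgraded"].append((url, fixed))
    return dict(stats)

def always_downgrades(stats, min_links=2):
    """Users whose every HTTPS-capable link was posted without the 's'."""
    return sorted(u for u, s in stats.items() if s["eligible"] >= min_links
                  and len(s["downgraded"]) == s["eligible"])

if __name__ == "__main__":
    print(always_downgrades(audit(POSTS)))
```

The `downgraded` pairs give the rewritten https:// URL, so a site could upgrade the link at submission time instead of only flagging the poster.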

[–] KillBill 0 points (+0|-0) Edited

> I see what you're up to

I was referring to this ^

Anyway, see my reply to sarcastaway. It gets to a point where I'm going to do what I will and if they spy on me then there's not a lot I can do about it really. If I think too much about it I lose my freedom through fear. I use a VPN and some security tools, if they can bypass that then I guess they can see I'm reading about strange wolves on BBC.