Browser Error when opening link to CWD but OK if main site URL accessed directly

[Ronaldo47]

Using incognito mode is the only way I can access the forum when my phone is in the "unsafe"  mode. I had to go incognito earlier today, but at present it is working normally, although it had forgotten my saved sign-in. 

 

Here is a screenshot of my Chrome data. It's the only browser on my phone.

 

 

 

 

Edited April 6 by Ronaldo47

[David Mack]

57 minutes ago, Ronaldo47 said:

Using incognito mode is the only way I can access the forum when my phone is in the "unsafe"  mode. I had to go incognito earlier today, but at present it is working normally, although it had forgotten my saved sign-in. 

 

Here is a screenshot of my Chrome data. It's the only browser on my phone.

 

 

 

 

My Samsung phone is on Chrome 123 and yours on 106. So I would try upgrading Chrome first.

I find the Samsung native browser works well on my phone. As yours is also a Samsung you could give it a try. It can be downloaded from Google Play.

 

[RichM]

1 hour ago, Ronaldo47 said:

Using incognito mode is the only way I can access the forum when my phone is in the "unsafe"  mode. I had to go incognito earlier today, but at present it is working normally, although it had forgotten my saved sign-in. 

 

Here is a screenshot of my Chrome data. It's the only browser on my phone.

 

 

 

 

 

This is an older version of Chrome, nearly 2 years old. Definitely worth updating it as David suggests.

[Ronaldo47]

I have tried visiting the Playstore, but am not offered an update.

 

I have had to log in via the Incognito route to post this. 

 

It seems from feedback on the Chrome playstore link that a recent update has caused a number of problems, at least one of which resembles mine. 

 

 

[RichM]

35 minutes ago, Ronaldo47 said:

I have tried visiting the Playstore, but am not offered an update.

 

I have had to log in via the Incognito route to post this. 

 

It seems from feedback on the Chrome playstore link that a recent update has caused a number of problems, at least one of which resembles mine. 

 

 

 

 

Invariably software updates will often result in exchanging one software bug for another, unfortunately that is the nature of software development - but crucially they also iron out known vulnerabilities during software updates.

[Ronaldo47]

I tried downloading duckgogo but my phone is too old to run it.  

 

It's odd, sometimes the forum opens with no problems, other times I have to go incognito, which means entering user name and password every time. Other sites are starting to go the same way, so it must be down to my phone.

Edited Friday at 10:41 by Ronaldo47
typos

[Tony Brooks]

FWIW, I was told yesterday that Chrome flagged my website as unsafe. How the blankity blank can a text website with absolutely no way of interacting with it, apart from browsing, can be "unsafe" is beyond me. Especially as Chrome is Google, who in my view are one of the biggest exploiters of individuals privacy on this planet. I am sure it is the vested interests trying to force every site to be HTTPS, rather than HTTP. If I were a conspiracy theorist, I might conclude Google are flagging it as dangerous because it does not carry their adverts.

 

Firefox makes it relatively easy to set an exception, so it does not flag HTTP "dangerous site" messages once set. If Chrome wants to play silly beggars than as far as I am concerned I will save myself about £200 a year in hosting and domain fees and delete the site. Thanks to our member, who I think is @Redhawk106, who contacted me and kindly offered to sort it out, but I am too old to jump through hoops imposed by third parties like Google and other browser vendors.

[alias]

1 hour ago, Tony Brooks said:

Firefox makes it relatively easy to set an exception, so it does not flag HTTP "dangerous site" messages once set. If Chrome wants to play silly beggars than as far as I am concerned I will save myself about £200 a year in hosting and domain fees and delete the site. Thanks to our member, who I think is @Redhawk106, who contacted me and kindly offered to sort it out, but I am too old to jump through hoops imposed by third parties like Google and other browser vendors.

 

An exception for http sites is also available for chrome users.

 

To apply it a user needs to go to the site in question (needing to press the "continue to site" button on the warning screen that the site is not https).

 

On getting there to the left of the web address is a button which will say "not secure". Click on that, and then Site settings.

 

Scroll down the permissions list to "insecure content" and change from "block" to "allow", and the browser will remember this preference for this site only. 

 

[Francis Herne]

1 hour ago, Tony Brooks said:

I was told yesterday that Chrome flagged my website as unsafe. How the blankity blank can a text website with absolutely no way of interacting with it, apart from browsing, can be "unsafe" is beyond me. [...] I am sure it is the vested interests trying to force every site to be HTTPS, rather than HTTP.

That will be lack of HTTPS, yes.

 

With unencrypted HTTP it's possible for parties between the client and server to monitor and intercept requests - either just to snoop, or to pretend to be your server and return something malicious instead of what was requested.

 

Examples I'm aware of in the wild:

* operators of public WiFi networks logging users' device info and the pages they visit, then selling the data. (this one also needs encrypted DNS to fix entirely, but browsers are working on that too).

 

* unscrupulous ISPs (looking at you, Virgin Media) returning fake ad-loaded search pages when DNS lookup fails [i.e. there shouldn't really be a page at the address at all]

 

* poorly-configured public WiFi enabling other users to interfere with requests, inserting viruses into the response.

 

* governments (our own, the US and China's among many others) forcing ISPs to let them monitor or interfere with traffic as above.

Chinese entities have repeatedly used a technique called 'BGP hijacking' to redirect traffic between other countries that would never normally pass through China so they can do so.

 

None of these are possible with HTTPS. The nature of the content you intend to serve is moot because the data is tampered with before you receive it and after you send it back.

 

The browser vendors and other large companies don't gain at anyone's expense from using HTTPS - in fact as above it makes certain tracking techniques impossible. Certificates are free these days. It's just standard good practice.

 

I'd also be happy to help with sorting it out, your site's a great resource and it would be a shame to lose it.

Edited Friday at 16:32 by Francis Herne

[Tony Brooks]

9 minutes ago, Francis Herne said:

I'd also be happy to help with sorting it out, your site's a great resource and it would be a shame to lose it.

 

Thanks, but no thanks. I lost too much work with encrypted hard drives when they or the computer crashed, so I avoid encryption if at all possible.

 

Anyway, my time and hence the site's days are numbered. (nothing bad at present, just old age) To be honest, in a number of respects the site is out of date and needs a fair bit of revision, with some stuff like CAN bus and lithium battery system where I don't have sufficient experience or knowledge. I can no longer summon up much enthusiasm, not helped by the way a few posters here treat my best efforts to help others. I have to ensure my wife/children will not be left with trying to close the site down when the time comes, so I must eventually shut it down while I am still able.

[David Mack]

My ISP provides HTTPS for free, and the tutorial on their help pages made it easy to do the conversion.

While you can set a browser exception so that you can view your site without the security risk being flagged, other users will still get the warning, and that will put many off making use of a valuable resource.

[Ronaldo47]

5 hours ago, alias said:

 

An exception for http sites is also available for chrome users.

 

To apply it a user needs to go to the site in question (needing to press the "continue to site" button on the warning screen that the site is not https).

 

On getting there to the left of the web address is a button which will say "not secure". Click on that, and then Site settings.

 

Scroll down the permissions list to "insecure content" and change from "block" to "allow", and the browser will remember this preference for this site only. 

 

I do not get that option with my phone:  there is no button to the left of the address button to click, and I am not given the option of "proceed to site" when trying to access this forum, although I can "proceed anyway" on others. Going incognito works, for the present anyway. 

Edited Friday at 22:10 by Ronaldo47

[Redhawk106]

14 hours ago, Tony Brooks said:

Thanks to our member, who I think is @Redhawk106, who contacted me and kindly offered to sort it out

Yep that was me via email.

 

As others have said, it's that the communication between your web server and your site visitor will be encrypted with Https and not with http.

 

Thing is, for your website it means absolutely nothing as I imagine your users do not enter anything on your website. Its purely a one way data exchange from you to them.

 

Sadly you're the victim of the blanket simple approach for chrome to just say, hey let's encourage everyone to use https so that nobody can snoop on anyone's traffic, regardless of whether the site needs it.

 

I'm still happy to help you sort things out and actually might save you the hosting fees in the process as a bonus. 

 

12 hours ago, Tony Brooks said:

I lost too much work with encrypted hard drives when they or the computer crashed, so I avoid encryption if at all possible.

 

What I am proposing (using https) does not involve encrypting any of your website files, it'll be stored exactly the same as you have it now. The only difference is that the internet traffic between your site and your users is encrypted so nobody can intercept it and read it. And thats the https basically euch will solve the chrome thing. I imagine other browsers wil follow suit at some point.

 

Btw as mentioned by Francis Herne, https is now offered by many for free, such as LetsEncrypt.

 

My suggestion was to host you site on GitHub Pages where you can do so for free, and you get 1GB space and https certificate for free. Also has the added bonus of you being able to allow others to update the site with you if you would like to, but by no means have to.

 

I do this for my parents B&B website and its worked great for them.

 

Let me know, and I'll be sure to make sure it's smooth and easy, but I totally understand if you don't want to.

 

Don't worry your site will still be accessible as it is now, just people might have to click past the warning (as they will have to for many other http sites)

Edited Saturday at 05:43 by Redhawk106

[Paul C]

Encryption at rest is different from encrypted transport.

 

If you encrypt a hard drive make sure you know the password and/or how to recover the data if hard drive corruption occurs (I am guessing it was on one spindle).

[Redhawk106]

Btw, FWIW, whatever you decide to do with your website, for those that know about the Way Back Machine, it turns out they have actually been archiving your website since 2005. So the information on your site will be available there too. You can even go back through the years and see how your site changed.

 

The link is here: https://web.archive.org/web/20231204062155/http://tb-training.co.uk/index.htm

 

Btw, if you don't want me highlighting this here, let me know and I'll delete my post right away. But I only included it as your website is already noted on your profile and seems well known here already.

Edited Saturday at 05:55 by Redhawk106

[Ronaldo47]

Most odd, if I log in after midnight, I can usually access this and other forums where I now get the "unsafe" warning, which is what I am doing now. However, if I then log out and retry, the unsafe warning usually reappears  and it's back to using incognito again.