This message board now uses SSL (http://en.wikipedia.org/wiki/Ssl) encryption by default. What this means is that the connection between your computer and AntiPolygraph.org's server (currently located in Vancouver, British Columbia, Canada) will be encrypted using up to 256-bit AES (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard). This enhances privacy in a number of ways:
1) If you are connecting to AntiPolygraph.org via a public WiFi connection, a packet sniffer (http://en.wikipedia.org/wiki/Packet_sniffer) won't be able to intercept such information as your user ID and password.
2) If you connect to this site via an anonymous proxy such as the Tor network (http://tor.eff.org), the operator of any potential rogue proxy server will not be able to intercept your communications.
3) Potential government monitoring of the communications of posters to this message board should be more difficult.
You may receive a warning that the certificate presented by this website "cannot be verified up to a trusted certification authority." Don't be alarmed. You should find that the certificate was issued by CA Cert Signing Authority (//www.cacert.org) on 10/29/06 and expires on 04/27/07. Fingerprints for the certificate are as follows:
SHA1 Fingerprint 90:70:84:A9:18:66:E9:55:51:2A:15:E9:65:1C:BF:A0:09:7F:40:6F
MD5 Fingerprint 5A:62:F6:8A:DD:7D:90:C5:EC:F0:DE:2B:56:4E:68:3A
Note that links in many messages will take you to unencrypted pages on AntiPolygraph.org. To go to such links with SSL encryption, instead of clicking on the link, first copy and paste it into your browser's destination window, replace "http" with "https," and then hit enter.
On 6 August 2006, AntiPolygraph.org began using a new SSL certificate issued by Starfield Secure Certification Authority. Specifications for this certificate are as follows:
Issue Date: 06 November 2006
Expiration Date: 06 November 2007
Serial Number: 3E:CA:BF
SHA1 Fingerprint: D2:23:3A:3C:45:FA:75:56:F3:5A:0C:45:DF:7D:D2:FA:B4:0A:33:A3
MD5 Fingerprint: 4D:88:AD:95:28:02:D2:55:12:CF:6B:BC:C8:04:64:37
On 15 December 2012, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue Date: 13 December 2012
Expiration Date: 16 December 2014
SHA1 Fingerprint: 72 51 4B 16 AB E5 5B 6D D9 CA 76 CB A0 33 93 15 E7 A0 0A CC
MD5: 69 36 0E 75 96 C5 D2 3C 08 D6 00 EE 0A 45 17 B3
To enhance the privacy of our visitors, AntiPolygraph.org is now configured to redirect all http traffic to https. The forum has been set up for https connections for some time. But now requests for pages from other parts of the site will also be encrypted. For example, a request for:
http://antipolygraph.org
will now redirect to:
https://antipolygraph.org
On 28 29 August 2013, AntiPolygraph.org began using a new SSL certificate issued by StartCom Ltd with the following specifications:
Issue Date: 28 August 2013
Expiration Date: 29 August 2014
SHA1 Fingerprint: 6D:03:06:8A:A8:5A:53:BE:87:5E:69:02:78:6D:DE:DD:2A:7E:26:9B
MD5 Fingerprint: 8C:D9:25:26:6D:08:10:9D:6C:3F:DF:CA:DC:CD:12:92
Update: A revocation request has been sent for this SSL certificate. Why? The secret key was generated on StartCom's server. As a security precaution, we'll be getting a new certificate with a secret key that was generated on and has never left AntiPolygraph.org's server.
There may be a period between revocation of the existing SSL certificate and issuance and installation of the new one during which your web browser will display warnings that the security of your connection to AntiPolygraph.org is not trusted.
Again on 29 August 2013, AntiPolygraph.org began using a new SSL certificate issued by StartCom Ltd with the following specifications:
Issue date: 28 August 2013
Expiration date: 29 August 2014
SHA1 Fingerprint: C1:85:E3:2B:C3:05:2C:01:03:25:38:9A:EB:7E:54:7C:9D:6A:62:EF
MD5 Fingerprint: EE:BC:8F:48:68:A3:B8:50:AC:91:FB:BE:EF:1A:D8:48
The 4096-bit secret key associated with this certificate was generated on and has never left AntiPolygraph.org's server.
AntiPolygraph.org's server now supports TLS 1.2 and prefers AES 256 to secure connections. In addition, if you use Firefox (including Tor Browser), Chrome, Opera, or Safari, ephemeral key exchange (Perfect Forward Secrecy (https://en.wikipedia.org/wiki/Perfect_forward_secrecy)) is supported. See Qualys SSL Labs' report for AntiPolygraph.org:
https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org
The latest version of Mozilla Firefox (24) has added support for TLS 1.2 (https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.2), which AntiPolygraph.org's server supports. However, support for TLS 1.2 is disabled by default in Firefox.
If you use Firefox, then to enhance the security of your connection:
1) Ensure that you have the latest version of Firefox;
2) In the URL entry field, type "about:config";
3) Search for "security.tls.version.max";
4) Change the value for this field from "1" to "3".
That's it. You'll find documentation of this setting here:
http://kb.mozillazine.org/Security.tls.version.*
If you are using Google Chrome, versions 29 and above support TLS 1.2 by default.
On 17 November 2013, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 15 November 2013
Expiration date: 18 November 2014
SHA1 Fingerprint: B9 22 55 33 F0 81 2F 2F 19 55 EE EA C9 DA BC 3F DC 0F E1 34
MD5 Fingerprint: FE 8F D6 AE 8E DB 9F 6B E5 2B C0 9B 46 B1 AA 4B
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
If you attempt to load www.antipolygraph.org instead of antipolygraph.org, you will receive a warning about a host name mismatch. It's safe to add a security exception.
On 22 November 2013, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 21 November 2013
Expiration date: 24 November 2014
SHA1 Fingerprint: B8 01 D4 2F 97 2E 11 1A 11 BC 45 7F 46 82 2E 13 0B 07 6F BC
MD5 Fingerprint: 89 FA C1 2D D8 45 2C B7 8E 2D 25 CE 0C 5F DA F2
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate (issued only a few days ago) has been deleted from the server.
The new certificate is valid for both www.antipolygraph.org and antipolygraph.org, so visitors should not receive warnings about the validity the certificate for either domain.
Earlier this week, a problem arose on the server that hosts AntiPolygraph.org whereby support for Perfect Forward Secrecy (https://en.wikipedia.org/wiki/Forward_secrecy) was lost and many web browser would establish connections using the RC4 cipher, which is reportedly broken (https://twitter.com/csoghoian/status/398062366887522304). As a precaution, this message board and the chat room were temporarily closed.
The problem was fixed by our web hosting company, OrangeWebsite.com by mid-week. However, it remains unclear what caused the problem.
As an additional security precaution, AntiPolygraph.org has today (6 December 2013) begun using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 5 December 2013
Expiration date: 24 November 2014
SHA-256 Fingerprint: 98 7F 0D E9 97 7F 00 FC F2 8B 96 AC BE F7 09 AF 23 D1 64 9D 3A 81 59 08 A3 68 1F 44 F0 94 42 85
SHA-1 Fingerprint: 37 87 D7 32 0B FF 38 71 2E 73 4E 16 59 1D A0 C6 CE EA 74 75
MD-5 Fingerprint: 37 87 D7 32 0B FF 38 71 2E 73 4E 16 59 1D A0 C6 CE EA 74 75 FE B0 B6 8E 37 F4 22 B5 7D 98 9F 4E 50 10 53 03
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
On 12 April 2014, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 8 April 2014
Expiration date: 24 November 2014
SHA-1 Fingerprint: 91 18 18 91 3F A2 97 E1 A7 8F 11 F9 99 35 B4 40 74 0E 05 19
MD-5 Fingerprint: 23 49 D3 15 04 65 C6 90 5C 71 05 6B FB 1E EB BC
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
On 11 September 2014, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 9 September 2014
Expiration date: 12 December 2016
SHA-256 Fingerprint: 82:6B:89:00:D9:0B:8A:10:1C:94:07:8B:C2:13:71:88:6A:7A:0E:13:80:E4:F9:A2:B5:25:FD
:95:88:EC:84:FD
SHA-1 Fingerprint: 9B:6F:F1:64:C3:B9:C3:CF:33:70:C0:02:0A:63:9C:8D:FC:6B:89:15
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
This new certificate has an SHA-256 signature. In addition, AntiPolygraph.org now supports HTTP Strict Transport Security (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
Calomel SSL Validation (https://calomel.org/firefox_ssl_validation.html) now gives AntiPolygraph.org a "100%" rating, and Qualys SSL Labs now gives AntiPolygraph.org (https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org) an "A+" rating.
On 30 May 2015, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:
Issue date: 29 May 2015
Expiration Date: 13 December 2016
SHA-256 Fingerprint: 1B:33:A2:03:BF:27:83:D2:25:B8:83:63:63:33:5E:97:9E:9D:BF:08:8F:41:9F:36:82:20:DF:9B:CE:CF:E4:47
SHA-1 Fingerprint: D7:A3:14:4C:82:29:93:9D:73:A9:F4:43:72:90:62:0F:17:94:14:20
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
Calomel SSL Validation (https://calomel.org/firefox_ssl_validation.html) continues to give AntiPolygraph.org a "100%" rating, and Qualys SSL Labs again gives AntiPolygraph.org an "A+" rating (https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org). (The rating had slipped to "A" owing to an SHA1 signature associated with an intermediate certificate. The intermediate certificate now has an SHA-256 signature.)
In addition, AntiPolygraph.org is included (https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=1954) in Chromium's HSTS Preload List. This means that web browsers which use the list, including Google Chrome, Mozilla Firefox, and Safari will always use HTTPS to connect to AntiPolygraph.org. In the future, Microsoft Internet Explorer will also support HSTS and will incorporate the Chromium preload list (http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx).
On 3 July 2016, AntiPolygraph.org began using a new SSL certificate issued by Let's Encrypt (https://letsencrypt.org/) with the following specifications:
Issue date: 3 July 2016
Expiration date: 1 October 2016
SHA-256 Fingerprint: 6B:9D:1F:44:9A:6A:59:D5:2D:D6:92:8B:AF:95:D3:DD:11:1C:B8:21:21:0F:20:E7:32:8C:3F:63:DB:83:BA:15
SHA-1 Fingerprint: 3B:5B:FA:FA:0E:8F:CF:DC:05:D3:E9:A3:74:36:F1:E5:28:3E:A5:89
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate will be deleted from our old server along with all other data there.
Calomel SSL Validation (https://calomel.org/firefox_ssl_validation.html) continues to give AntiPolygraph.org a "100%" rating, and Qualys SSL Labs continues to give AntiPolygraph.org an "A+" rating (https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org).
On 1 September 2016, AntiPolygraph.org began using a new SSL certificate issued by Let's Encrypt (https://letsencrypt.org/) with the following specifications:
Issue date: 1 September 2016
Expiration date: 30 November 2016
SHA-256 Fingerprint: 6D:5A:81:3A:5B:44:D0:2C:1A:16:FB:B4:7B:E1:92:4A:C8:32:C1:4E:C8:4B:BF:11:C9:10:F4:7E:02:DB:06:25
SHA-1 Fingerprint: 32:45:B8:47:75:78:7B:B2:F6:94:73:A1:73:59:A9:28:36:01:6B:87
A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted.
Calomel SSL Validation (https://calomel.org/firefox_ssl_validation.html) continues to give AntiPolygraph.org a "100%" rating, and Qualys SSL Labs continues to give AntiPolygraph.org an "A+" rating (https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org).