We don’t force
https by default on the server, which is why the connection security error is displayed. Many browsers are now showing this at all times, when you connect through
http. I still haven’t had a chance to put the forums on my priority list, but that time should actually be coming very soon. We have major changes planned for the Topaz user experience on the main site, which will dominate my time for the next few weeks. Once that is over, though, I’ll be going through the various online presences we have like these forums, and correcting errors anywhere that I see them.
The feed reader/RSS links are actually delivering the Amazon EC2 instance URI, which is creating the “double” links in the email. This is one of a few bugs I have on my list to be corrected.
The use of
https and our trusted SSL Certification will be updated when that happens, as well. It’s worth it to note that you can connect through
https, if you want to. The only reason you’re seeing this
invalid security certificate error is because the SSL certificate is self-signed (meaning we created the cert, not a “trusted authority” like Comodo, Symantec, and Digicert). Basically, the idea is that you should never trust an SSL certificate created by someone you don’t know. However, I can assure you that our SSL cert is safe – we created it. The browser only knows to throw the warning because we signed it ourselves, which is often a sign that a site has been compromised. Again, however, I can confirm that the forums have not been compromised, though we do not use
https, which means we don’t actually leverage the SSL cert that much.
Regarding the use of
https, in the context of login information, it’s worth it to note that the forums use a Single Sign On (SSO) provider to log you in, and that provider is the main Topaz Labs website, which IS forced-https, and DOES have a valid/trusted SSL certificate.
I hope this clarifies, for anyone that was able to follow my response so far =]