I just want you all to know that I was completely correct about DDO, the warnings are back.

Author: RationalMadman

Posts

Total: 50
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11

If you genuinely trust this website, you have no idea what has happened, they have new anonymous owners. Juggle is dead as a corporation. It is a phishing site, they are garnering data on you, DO NOT THINK FOR A SINGLE SECOND your PMs are not being read by the people behind it!

It is absolutely exposed, it has certified its own HTTPS via an account it bought on Amazon. Chrome and Firefox both noticed this.

To get this error message, insist to your browser it goes to the HTTPS (not HTTP) version and have good settings on your browser. 
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
Bahahahahahahah


“Firefox does not trust this site, as it uses a certificate that is not valid for “debate.org”. The certificate is only valid for “*.debate.org”



RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
It is a phishing method it has used to get Amazon to certify it. It has certified its own HTTPS via some means it has purchased on Amazon. The domain of the HTTPS certificate is apparently owned by and unique to debate.org itself. That is why both Firefox and Chrome are noticing it. I also noticed it is doing a redirect before you hit the main website that is running javascript but it is so instantaneous, you can't notice it. If you visit pages on DDO (not the main site itself) from google searches or via some links on it, it will actually try redirecting you elsewhere than DDO but then back onto the real page.

There is something very shady going on and the anonymous owners of DDO are clearly in on it.

RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
The certificate that DDO is using is not a trusted one that any other website than itself uses to validate its legtitmate encryption and ownership.
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
No it means you don’t understand what you’re looking at:

an SSL test for www.debate.org is fine:


An SSL test for “debate.org” fails because the domain is *.debate.org; which doesn’t match the domain pattern.


Tracert online says that they resolve to the same IP address:

(check it here)


So no, what you’re saying is untrue - the certificate passes an ssl test, the certificate search is just being confused by the lack of a “www.” - if you type in “www.debate.org” it will be fine. 


Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
So please stop making things up that you obviously don’t know about - as you the things you’ve said clearly show you’re ignorant of the technology
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
Stop talking to me like I'm your fucking underling who is a piece of dirt to smirk at and humiliate even when I am trying to warn people not to go on a dangerous competitor of this website that may get their login details if they use the same password as here etc.

I am not interested in your putrid tone and attitude, go and talk to your reflection like that. I am here warning people. Tell me, who owns DDO?


The registrant of DDO ownership is clickablenames.com. This is not a case of them 'selling it to Juggle' like we were told, they have owned it the entire time and are only interested in generating revenue from superficial activity rates and the garnering of user data. What they then do with that data, no one knows. They clearly are not just interested in 'clickable names' they never actually sold the true domain of the website since 2015. From 28th July 2015, Juggle clearly sold the site back to Clickable Names (which makes sense, it was when Juggle suddenly began updating nothing on the website at all and it was hard to get Airmax to explain why). From that point forth it has been run by either neglectful or abusive owners that have enabled adspam bots that were advertising pirated content download links on a high-ranking website, and in turn enjoyed the activity-rate superficially going up. Shortly after the attacks, they qualified for a big sale to an advertising company and if you visit the website without adblock of any kind, it's jampacked with endless ads not just at the bottom but throughout (trip-links are coming soon probably etc, making it hard not to click an ad while you're there).

They got their own HTTPS registered, unique to themselves. This means they themselves certify that they are running a legitimate website with no leaks of data or shady shit going on in the behind-the-scenes coding and security of the database. They even ban my HTTPS Everywhere app from using public domain means of certifying a website in the most basic way via SSL encryption, it has "Let's Encrypt" free certificate available for any website that applies to it and/or enables it.

You do not know these things, so whatever. Just keep preaching. DDO literally only allows the encryption of data and tunneling of website navigation to happen via its self-certified HTTPS, it actively is banning other, willing/free means of encrypting it.
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
This app is more reliable than Chrome and Mozilla put together, it is a socialist concept of making HTTPS available to websites that don't even want to pay for the certificate. 

Chrome and Mozilla both support the means it uses to deal with websites where the certificate is invalid. Look at the sponsors of the 'Let's Encrypt' certificate: https://letsencrypt.org

The extension I use is this: https://www.eff.org/https-everywhere

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS

TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
-->
@bsh1
Look at what he is doing.

He is spreading false information that can lead to harm. 

This 100% falls under excessive trolling.



RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
-->
@bsh1
@TheRealNihilist
Show me the false information I have spread.
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
@RM

Ramshutu has already. I have. bsh1 has. Heck it would be difficult to find active users who can't find false information you spread that doesn't lead to a negative response. This is also excessive.

Actually addressing what you said instead of demonstrating the same deceny you showed to me, this forum post. Like I said earlier Ramshutu already has before and here.



RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
-->
@TheRealNihilist
In this thread, would you care to show me the false information I have spread?
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
@RM

Someone more intelligent on this subject has done so. If you actually care about the truth you should ask him instead of asking a spectator. You would get a better response from Ramshutu.

Just see post #2 to find out what is wrong. There are other posts as well but that is blatant but like always you brain goes numb or something whenever a person demonstrates you are wrong.

RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
I see Post 2. It disproved nothing I said whatsoever.
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
You are just here to taunt and bully me.
Vader
Vader's avatar
Debates: 30
Posts: 14,429
5
8
11
Vader's avatar
Vader
5
8
11
I don't think RM is wrong, but I don't think he is right.

debate.org is not going to fuck up your computer do anything like that. but i have noticed significant lower performance on computer with tab open. you can still go in, but it is pretty annoying
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
“It is a phishing method it has used to get Amazon to certify it.”

False #47: it’s just the formatting of the domain. The certification is completely valid when you assess the actual certificate

“It has certified its own HTTPS”

False #48: you can have a certificate certify itself - but that shows up in the certificate as the certifying authority would be itself - this certificate clearly shows it’s been certified by amazon.

“via some means it has purchased on Amazon.”

False #49: You can only purchase a certificate for your domain: and the fact that they own a “*.debate.org” domain certificate, and own the “debate.org” domain - there’s literally nothing wrong with the certificate

“The domain of the HTTPS certificate is apparently owned by and unique to debate.org itself. That is why both Firefox and Chrome are noticing it.”

False #50: they are noticing it because “debate.org” does not match the expression “*.debate.org” (but www.debate.org does)

“I also noticed it is doing a redirect before you hit the main website that is running javascript but it is so instantaneous, you can't notice it.”

False #51: No it doesn’t. Your browser would be the thing doing the redirection, and it wouldn’t be instantaneous. You can also pull only the page source from debate.org via non-browser means and it shows the plane old site.

“If you visit pages on DDO (not the main site itself) from google searches or via some links on it, it will actually try redirecting you elsewhere than DDO but then back onto the real page.”

False #52: nope, again the site doesn’t redirect you - your browser does - it isn’t instantaneous and you would be able to tell. 

You’re possibly confused with the information about external look ups. Debate.org will report its looking up other external servers and transferring information - this is what happens when you load ads.

“There is something very shady going on and the anonymous owners of DDO are clearly in on it.”

False: #53: again, no. This is just a trivial issue with expressions.

Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
I see Post 2. It disproved nothing I said whatsoever.
I provided an eternal website that provides an SSL scan of debate.org and www.debate.org in Post #5 - this shows the certificate is fine; there’s just a minor discrepancy - normally certificates cover “domain.com” and “*.domain.com.


Like I said - show the certificate error when you enter www.debate.org

crossed
crossed's avatar
Debates: 62
Posts: 516
2
2
6
crossed's avatar
crossed
2
2
6
Anyway i am glad that the site would not let me publish debates now. I hope they never install the social credit score thing.
crossed
crossed's avatar
Debates: 62
Posts: 516
2
2
6
crossed's avatar
crossed
2
2
6
Social credit is the final nail in this whole plot. Everything that they have done is so the can bring in social credit system like they have in china
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
DDO isn't going to fuck up your computer, Dudz, it's going to spy on you and use your data for nefarious purposes, especially if your username, email and password have any connection elsewhere on the Internet as on DDO. It's owned by completely corrupt adscam click-count-faking artists who get ad revenue and tax write-offs and who knows what else, considering that they were complicit with pirted advertising.
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
“The registrant of DDO ownership is clickablenames.com. This is not a case of them 'selling it to Juggle' like we were told, they have owned it the entire time and are only interested in generating revenue from superficial activity rates and the garnering of user data.”

False #54: Clickablenames.com is juggle.  (http://www.juggle.com

So yes, the site was sold to juggle.

“From that point forth it has been run by either neglectful or abusive owners that have enabled adspam bots”

False #55: neglectful yes, abusive? Huh?

Your whole premise is that people want your data and ad revenue - but enabled the very things that drive users off the site? This makes no sense.

“They got their own HTTPS registered, unique to themselves. This means they themselvescertify that they are running a legitimate website with no leaks of data or shady shit going on in the behind-the-scenes coding and security of the database.”

False #56: their certificate is certified by AWS, the SSL scan link clearly shows the certificate tracking back to its certifying authority origin.

“They even ban my HTTPS Everywhere app from using public domain means of certifying a website in the most basic way via SSL encryption, it has "Let's Encrypt" free certificate available for any website that applies to it and/or enables it.”

False #57. Again in your https everywhere, the link is https://debate.org - which likely fails for the same reason as the other examples

False #58: https everywhere prevents http examples of website links and content being loaded, by changing the loaded page code to use https instead of http where it’s used. HTTPS doesn’t use “public domain means” of certifying a website through a public free certificate - this isn’t how certificate works.

To prove who they say they are a website must have a validate certificate issued by a trustworthy authority loaded and receivable upon an SSL request - HTTPS won’t circumvent that process as it defeats the entire purpose of having https security in the first place by bypassing the certification process.

False #59: When a page is requested from a server, it returns page source which is then loaded and viewed by the browser; plugins have access to this and can modify or adjusts the page source as needed. The website cannot “ban” HTTPS from doing anything, because the website can’t know that it’s even there, there are things that it may not support so that requests https everywhere makes are simply unsupported, but that doesn’t appear to be the case here.

“You do not know these things, so whatever.”

False #60: I am a principle software engineer. Among my networking expertise and have designed software to work in distributed industrial network products; one of the major products was a massively distributed set of industrial products where the physical devices are all over the world; and have to be operated securely from a single location.

I’ve also had the head of IT come round to me asking WTF i was doing to the network no less than 4 times during testing. 

“DDO literally only allows the encryption of data and tunneling of website navigation to happen via its self-certified HTTPS”

False #61. “Tunneling of website navigation” is a meaningless term that makes no technical sense. This like in some Hollywood film where a hacker “reconfigures the ports to allow sockets to tunnel directly through the DNS to the mainframe.”

False #62: the certificate is certified by amazon; the issuing authority is the one that signs it

“it actively is banning other, willing/free means of encrypting it.”

False #63:as explained, that’s not how free certificates work.

False #64: certificates are not anything to do with encryption, a https site provides a public key that the ssl layer on the client will use to encrypt data and send it back - only someone with the associated private key can decrypt it. Certificates are a mechanism relayed to proving the ownership of the public key - a lack of a certificate or faulty certificate means the site can’t prove its ownership of the public key - data sent to it is still encrypted.

False #65: again, ddo can’t “actively ban” a plug-in, that’s not how they works

RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
Tell me, why does Juggle have no HTTPS version? did you know it will cut your connection to it if you try to go to the HTTPS version?

That is some shady shit.
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
They are actively disallowing HTTPS on their main domain, I never said plugin, they do disable any form of HTTPS other than their Amazon thing on the "www." version of the domain only. That's sly, scam artist shit just like it's always been.

They are dirty and I always fucking knew it. It's a shell company, probably for either a group of nefarious people having a tax write-off or a government agency spying no people of strange views.
RationalMadman
RationalMadman's avatar
Debates: 555
Posts: 19,351
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
I used TOR Browser to access it. These fuckers are quoting Sun Tzu in their homepage, they are no doubt about it experienced at what they are doing.
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
Tell me, why does Juggle have no HTTPS version? did you know it will cut your connection to it if you try to go to the HTTPS version?

That is some shady shit.
Because the site has no advertising, is 3-4 years since it has been updated, doesn’t have any log in, private data or need for secure connection and they probably didn’t want to bother with the hassle.
bsh1
bsh1's avatar
Debates: 14
Posts: 2,589
5
5
8
bsh1's avatar
bsh1
5
5
8
-->
@TheRealNihilist
Cease making reports in public.
Ramshutu
Ramshutu's avatar
Debates: 43
Posts: 2,768
6
9
10
Ramshutu's avatar
Ramshutu
6
9
10
“They are actively disallowing HTTPS on their main domain, I never said plugin, they do disable any form of HTTPS other than their Amazon thing on the "www." version of the domain only. That's sly, scam artist shit just like it's always been.”

False #66: false. They aren’t “actively disallowing https”, they simply are running a server that hasn’t installed https. Https is a functional element of the server, it’s not something that all servers support by default, and it has to be turned off.

False #67:sly? What? That claim is a stupid claim. The debate.org domain spent money on a certificate that authenticated *.debate.org” - thus debate.org and www.debate.org depending on how your browser compares domaines are both valid and authentic websites. “Debate.org” and “www.debate.org” resolve via dns to the same ip address - so are the same physical server. There is no phishing going on.

False #68: you seem to imply that “www.debate.org” is encrypted whilst “debate.org” is not. That’s utter nonsense. Both are fully encrypted - only one domain doesn’t match that of the certificate if you’re overly semantic when checking the domain name.

“They are dirty and I always fucking knew it. It's a shell company, probably for either a group of nefarious people having a tax write-off or a government agency spying no people of strange views.”

False #69:this is completely made up, there is no evidence or justification for this claim, and thus far nothing you’ve said even illustrates anything shady is going on; despite your litany of false claims on the matter.

Imabench
Imabench's avatar
Debates: 6
Posts: 934
3
4
9
Imabench's avatar
Imabench
3
4
9
DO NOT THINK FOR A SINGLE SECOND your PMs are not being read by the people behind it!
My PM's? Oh no, now people might figure out that I really like Frozen, or figure out that i only prowl around on this site when im incredibly bored! 

D: 

crossed
crossed's avatar
Debates: 62
Posts: 516
2
2
6
crossed's avatar
crossed
2
2
6
-->
@Imabench
This is all leading to a social credit system like they have in china. Lets say the goverment thinks you are stupid man child for liking frozen. So they decide you should not be allowed to by airplane tickets.