Encryption of affiliate access is missing in most Programs
 

I see that most affiliate programs, specially the ones based on NATS have no encryption of the data ... That means ISPs and people who can listed to your internet connection can see your data and how much you make .... Wouldn't it be a good idea for program owners to make their interfaces a bit safer?

The big third party billers CCBill and Verotel have safe connections, but about 90% of programs do not.

well for one is it really that big of a deal? and two, ssl connections are a lot more work for the server and everything in between.

dont be so paranoid, im sure your ISP has better things to do then spy on you checking your stats so they can see how much money you make.

Ive never once in all my years online heard of ISP's sniffing packets of random crap. They usually only do it when there is a reason to do it. Its not like there's people sitting there sniffing the billion gazillion packets reading them

It's a big threat to privacy. Why do you guys think banks, CCbill, online brokers, etc. encrypt their data?

There are countries where ISPs are ordered to spy on citizens and I am not just talking about China. Revenue services can sniff your data. If you are on a wireless connection your neighbours or friends can pick up your data stream, etc. ... just a few examples.

You can use an SSL certificate with NATS if you'd like. Some programs do.

Please try to do some research before making blanket statements about things.

It would be great if programs offered an optional SSL login page, especially for when you're surfing from an unsecured (wireless) connection without a VPN or ssh tunnel. Then you could have the option, faster unsecured logins for home, or SSL for when you're out and about.

Hey faxxaff!

I agree, and it's not like it's expensive or difficult to setup... :-/

Yeah I was always wondering that too. I think its like $17 with godaddy to get an SSL certificate.

an easy solution would be to tell all these new programs coming up every week "no, i am not signing up, you don't protect with SSL, but let me know when you do"

this is exactly how I started the rss revolution last year....any time a program posted about their program updates I would say "where is the rss? I can't rfind it anywhere"....and before long rss became standard

I am not attacking you, I just say that program owners should care more about the safety of affiliate data. If NATS can do their part to encourage them to do so, I think they should. It is not a blank statement, but a fact that most NATS programs do not use encrypted connections. I am a member of a few programs and I know what I am talking about. It is a step back from CCBills top noth security!

Take it as a kind proposal to improve your product if you care.

Would you do online banking without a secure https connection?

It is coz it means others could access webmaster profiles and change
payout info. It's not a huge risk....but it's still a risk...which easily can be
avoided. :2 cents:

SSL certs are so expensive that webmasters can't afford them.

It's all because there's no money in porn.

;)

I never said you were attacking me :) Sorry if my reply sounded pissy, it wasn't meant in that way.

I just want everyone to understand that NATS installs run independently and it is up to the program owner whether or not they use an SSL cert on their affiliate join form. Their running of NATS (or other 3rd party systems) has nothing to do with them using or not using a cert.

System like CCBill are not run independently but rather run on CCBill's servers and are hosted and controlled by CCBill. So either no one or everyone on it has a cert for it as it is all centralized.

I hope this clarifies it a bit and please don't confuse any reply of disagreement with taking it as an attack. Sorry if you thought I took it that way.

Its not really about ISP's sitting in their data center spying on you... though it could be a concern. Its about all the identity thieves and crackers out there who scour the internet for this type of info, constantly. There are numerous ways they can get in between the affiliate, and the affiliate backends.

Seeing as how many may have personal info, or sensitive company info stored on the backends of all these programs, it really is a little irresponsible not to make SSL available. Its brain dead easy to turn on... even if you use a self signed cert, its better than nothing.

Of course, SSL doesnt come close to solving every security problem out there, but it goes a *long* way for the amount of work involved setting it up. Its really as simple as setting up a typical webserver, with the added step of generating a cert.