Get proper HTTPS for fucks sakes, this isnt 1995 netscape

https certificates Expire. they are only valid for a specific range of dates and times and need to be renewed. It's a pain.

not all websites NEED to be https. https encrypts the data users enter on the page and the data of forms which are submitted between the user and the server.

This site has no logins. the only data you can enter here is search terms, captcha ascii, local upload locations, an anon username (thats not even actually necessary but just so people can track user messages from post to post), maybe an email (optional) and a title and a bunch of text for a subject.

None of the Required info that you can submit here is sensitive. you shouldn't be posting your bank account login and password here, nor any personally identifyable information. unless you want to be doxed and raided? I mean.. welcome to the trollpit where it's all fun and memes..

There is indeed nothing sensitive to encrypt here for normal users, other than your very presence and activities here. HTTPS does prevent other servers from impersonating swfchan.net, though (for whatever that's worth)

Https is purely a meme for any site that doesn't feature logins. It's just a way of certificate companies getting a slice of the control over the web pie.

So no, I'd rather this is 1995 netscape.

The S in the protocol is on top of the HTTP, first a secure channel is established and then HTTP is used as normal entirely within that secure channel.

so no, a cert does not prevent proxying a site through a fake page. the fake proxied copy will even have the same URL. in fact so long as the fake page has the same URL then the https cert is valid for it.

on the note of lets encrypt: forkheads looked into it, our admin noted issues with it compared to manual cert registration. LE has a terms of service which could change on a whim, they reserve the right to refuse to provide cert services to site's whose content is deemed objectionable by the LE team, thier lawyers, or any third parties and thier lawyers who find out your site uses [insert thing they don't like].

swfchan would be banned from recieving certs by LE in an instant. "you allow loli H swfs, no https cert for you, remove every entry since the dawn of time and handover ownership of the site to our designated party and dox yourself and appear in court in Australia or the EU, in order to get your certs reestablished"

"Lol, no."

LE also has terms about mandatory site updates. they'd be quick to tell swfchan that Flash swfs are 'insecure' and that "swfchan needs to remove the ability to host and display swfs in thier native flashplayer" and make all sorts of demands about the way object elements of the site are written. "for security purposes the wrapper for the swf object needs to be written in google javascript 9.0 and should proxy the actual page content from a script to build it hosted on google, this prevents outdated browsers who may be effected by swfs from viewing them."

and they reserve the right to change thier ToS as they see fit, so worse things than I described can find thier way in. they could literally hold the site hostage dangling the cert over it's head.

in short, the less companies and terms of service are involved the better.

Speaking of Cloudflare, all the sites that use HTTPS with Cloudflare only encrypt traffic to and from Cloudflare's server's, they de-encrypt all packets and can see all data from all the visitors (passwords, search terms, urls etc). This happens even if the site is using its own cert and not Cloudflare's auto-HTTPS feature. After de-encrypting they re-encrypt on their end when speaking with the actual web site server, if needed. I think a lot of people don't realize this.