Suggestion and Policy

Re: Suggestion Box - SSL (https) for TER?
slipperyfun 80 Reviews 6360 reads
posted
1 / 5

Hopefully a useful suggestion for the TER community...  I didn't see this topic, having searched Suggestion/Policy back a year for "https" or "SSL".  

Web surfing savvy folks understand that when you interact with a website, such as TER, using the ubiquitous HTTP protocol, all of the payload (your text, images, etc.) is unprotected in the wide open out there on the wire.  This of course makes your session information vulnerable to any unwanted third party scrutiny with sufficient lawful access (e.g., a wire tap warrant), or unlawful access; the payload traversing the Internet between a user's IP address and TER is plainly visible and can be immediately associated with your IP address which can then be associated with the physical/geographic address on record with your ISP, even if it's a dynamic IP address (BTW, I'm not telling Ellie anything she doesn't already know).  

In order to protect web interactions from that sort of scrutiny, one of the practices is to subscribe to an Internet redirection service provider and software application (e.g., Hide My IP; there are others) that essentially functions as a go-between between you and your IP address and the IP address of the site you are visiting.  The bi-directional communications between your host and the other host are obfuscated by an intermediate host (the redirector) that essentially takes the actual source and destination IP addresses and swaps in its own IP address (redirection) to give the illusion of web sessions between the redirector and the two hosts.  This is over-simplified but basically what's happening.  Although this is a helpful privacy measure, it doesn't do anything about concealing the payload and the payload itself might yield privacy information if not carefully worded.

For web sessions that merit extra security and privacy, such as online financial transactions, medical information, etc., a slightly different protocol is available to encrypt the payload using Public Key Infrastructure (PKI) such that web sessions between servers and visitors can be kept reasonably secure.  That protocol uses Secure Socket Layer (SSL) in the form of https.  It is simple to implement from the server side (e.g., at TER) and all modern web browsers support the protocol.  You use it every time you purchase something online (or at least you should).

My suggestion to TER is to consider implementing https for its servers so that user sessions will benefit from the substantial level of added security and privacy imparted by encryption.  I think it would be extremely low cost (possibly zero cost) to implement for TER and would add greatly to the privacy and safety we seek in this community.

Really looking forward to the new TER site and hoping that SSL can become an integral part of that site.  I'd be very interested in hearing what other folks think about this proposal.  Thanks!
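An added example, not part of the original post and not TER's code: a small Python check a site operator could run over captured response headers to confirm that an HTTPS rollout covers the whole session rather than only the login page. The host name `forum.example`, the cookie name and the sample responses are constructed for illustration.

```python
# Audit an HTTPS rollout from response headers (all sample data is constructed).

def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit(http_raw, https_raw):
    """Compare the plain-HTTP and HTTPS responses for one site; return findings."""
    findings = []
    status, hdrs = parse_head(http_raw)
    location = next((v for k, v in hdrs if k == "location"), "")
    # Plain HTTP should do nothing except redirect to the HTTPS origin.
    if not (status in (301, 302, 307, 308) and location.lower().startswith("https://")):
        findings.append("http-not-redirected")
    if any(k == "set-cookie" for k, _ in hdrs):
        findings.append("cookie-set-over-http")
    _, hdrs = parse_head(https_raw)
    # HSTS tells the browser to refuse plain HTTP for this host in future.
    if not any(k == "strict-transport-security" for k, _ in hdrs):
        findings.append("no-hsts")
    for k, v in hdrs:
        if k == "set-cookie":
            name = v.split("=", 1)[0]
            attrs = {a.strip().lower() for a in v.split(";")[1:]}
            # Without Secure, the browser also sends the cookie over plain HTTP.
            if "secure" not in attrs:
                findings.append("cookie-without-secure:" + name)
    return findings

# Constructed sample: HTTPS exists, but HTTP is still served and cookies leak.
WEAK_HTTP = "HTTP/1.1 200 OK\nContent-Type: text/html\nSet-Cookie: session=abc123; Path=/\n"
WEAK_HTTPS = "HTTP/1.1 200 OK\nSet-Cookie: session=abc123; Path=/; HttpOnly\n"
# Constructed sample: HTTP only redirects, HSTS is set, cookie is Secure.
GOOD_HTTP = "HTTP/1.1 301 Moved Permanently\nLocation: https://forum.example/\n"
GOOD_HTTPS = ("HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=31536000\n"
              "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK_HTTP, WEAK_HTTPS))
    print("good:", audit(GOOD_HTTP, GOOD_HTTPS))
```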

anon25678 6183 reads
posted
2 / 5

I agree, it's pretty ridiculous this site doesn't use https at least for login.

LuvWhitney See my TER Reviews 6067 reads
posted
3 / 5
TristanJones 3 Reviews 5697 reads
posted
4 / 5

Excellent point - slippery, I was wondering about that too. I first noticed in mail, then looked around the rest of the site - all open text. You might as well have someone looking over your shoulder. I have stopped using mail (unless I have to)... until it's made secure. My bet is this is in the works, hope so anyway.

David_DeCoy 5320 reads
posted
5 / 5

Just be careful to make sure your Certificates and CA are not easily subverted.
