metafilter newly blocked at work- halp!
December 13, 2019 8:59 AM
y'all, I need metafilter at work. all of the sudden it is blocked! i know squat about computer stuff and am hoping theres a simple solution.
It says "your connection is not private" and then the only option is "back to safety" or an "advanced" button that tells me things i dont understand.
this is on chrome, and also internet explorer.
it says "not secure" in the little text window where you write the website (oh my god i sound like i'm 100) with a red triangle and exclamation point. and if i click around it says some stuff about certificates.
i trust that metafilter is perfectly as secure as it needs to be and am truly unbothered anyway by the idea of someone stealing my like... MeFi password or something. of course if putzing with this would actually put the computer system at risk i would not want that! but its been fine for years! and its metafilter... i know the fine people running this place do a good job and know their stuff.
im using my phone to write this and i cant be on my phone here but nobody cares if im browsing websites on the desktop in downtime
It says "your connection is not private" and then the only option is "back to safety" or an "advanced" button that tells me things i dont understand.
this is on chrome, and also internet explorer.
it says "not secure" in the little text window where you write the website (oh my god i sound like i'm 100) with a red triangle and exclamation point. and if i click around it says some stuff about certificates.
i trust that metafilter is perfectly as secure as it needs to be and am truly unbothered anyway by the idea of someone stealing my like... MeFi password or something. of course if putzing with this would actually put the computer system at risk i would not want that! but its been fine for years! and its metafilter... i know the fine people running this place do a good job and know their stuff.
im using my phone to write this and i cant be on my phone here but nobody cares if im browsing websites on the desktop in downtime
What happens if you try to log on via an incognito window?
posted by ananci at 9:10 AM on December 13, 2019
posted by ananci at 9:10 AM on December 13, 2019
[Heya, emirenic, this might be a better fit for MetaTalk since it's directly MeFi-related; if you want to submit a post over there, that may get more specific responses.]
posted by cortex at 9:11 AM on December 13, 2019
posted by cortex at 9:11 AM on December 13, 2019
Is it showing that warning on every secure site, or just Metafilter? It sounds like there is a network proxy somewhere that is indeed caching/inspecting your SSL pages and your browser doesn't have the proxy's root certificate installed (which is needed for the proxy to spoof being the site you've connected to). But it would show that error for every secure site in that case.
You can of course switch Metafilter to not require https ("Use secure browsing" in the site preferences) but that is probably a bad idea.
posted by kindall at 9:13 AM on December 13, 2019
You can of course switch Metafilter to not require https ("Use secure browsing" in the site preferences) but that is probably a bad idea.
posted by kindall at 9:13 AM on December 13, 2019
You can of course switch Metafilter to not require https ("Use secure browsing" in the site preferences) but that is probably a bad idea.
So long as you're not logging into Metafilter or otherwise typing in a username and password, browsing Metafilter using HTTP (insecure) rather than HTTPS (secure) is a completely negligible risk. The only thing you're giving up is the privacy of your employer seeing the contents of what you browse (abstractly) whereas with HTTPS they would know what what site you accessed (e.g. metafilter.com) but not the contents. In the context of a work environment, that's pretty much a distinction without a difference.
posted by Fidel Cashflow at 9:37 AM on December 13, 2019
So long as you're not logging into Metafilter or otherwise typing in a username and password, browsing Metafilter using HTTP (insecure) rather than HTTPS (secure) is a completely negligible risk. The only thing you're giving up is the privacy of your employer seeing the contents of what you browse (abstractly) whereas with HTTPS they would know what what site you accessed (e.g. metafilter.com) but not the contents. In the context of a work environment, that's pretty much a distinction without a difference.
posted by Fidel Cashflow at 9:37 AM on December 13, 2019
This just began happening on my work computer yesterday too, using Chrome. I can access the site by going to Advanced/Proceed anyway. Something changed.
posted by jkent at 9:40 AM on December 13, 2019
posted by jkent at 9:40 AM on December 13, 2019
PROCEEDING UNSAFELY!
i could swear that option was not there when i looked before...
sorry i didnt realize there was another place to post this kind of question! its resolved anyhow so no harm no foul?
thank you!!!!!
posted by emirenic at 10:45 AM on December 13, 2019
i could swear that option was not there when i looked before...
sorry i didnt realize there was another place to post this kind of question! its resolved anyhow so no harm no foul?
thank you!!!!!
posted by emirenic at 10:45 AM on December 13, 2019
jkent: "This just began happening on my work computer yesterday too, using Chrome. I can access the site by going to Advanced/Proceed anyway. Something changed."
Metafilter has a new TLS/SSL certificate as of 2019-12-10, issued by "Sectigo Limited". So that's likely what changed, though in itself it's not enough to be a problem (since the new certificate is valid).
The further (slightly-more-technical) explanation is that your employer is likely modifiying either browser settings, computer settings, or both and removing the trust relationship for either the intermediary CA (Sectigo RSA Domain Validation Secure Server CA) or the root CA (USERTrust RSA Certification Authority), which would cause metafilter's new certificate to no longer be trusted.
The point being, there are several potential causes for the connection to no longer be recognized as "secure", though it's hard to say which is the root cause for sure without more info, though they are almost certainly related to MeFi's cert changing on the 10th.
posted by namewithoutwords at 10:46 AM on December 13, 2019
Metafilter has a new TLS/SSL certificate as of 2019-12-10, issued by "Sectigo Limited". So that's likely what changed, though in itself it's not enough to be a problem (since the new certificate is valid).
The further (slightly-more-technical) explanation is that your employer is likely modifiying either browser settings, computer settings, or both and removing the trust relationship for either the intermediary CA (Sectigo RSA Domain Validation Secure Server CA) or the root CA (USERTrust RSA Certification Authority), which would cause metafilter's new certificate to no longer be trusted.
The point being, there are several potential causes for the connection to no longer be recognized as "secure", though it's hard to say which is the root cause for sure without more info, though they are almost certainly related to MeFi's cert changing on the 10th.
posted by namewithoutwords at 10:46 AM on December 13, 2019
The certificate that Metafilter use to identify itself and what is used by browsers to decide if the connection should be trusted was updated at Wed, 11 Dec 2019 00:00:00 UTC, which might not be a coincidence... The Qualys ssltest site also says that the website is missing an intermediate certificate ("This server's certificate chain is incomplete. Grade capped to B.") which I guess is related to your problems. I would guess that the metafilter admins missed a intermediate certificate in the TLS configuration when the TLS certificate was updated recently. I've sent a message via the contact form to the admins about it.
posted by rpn at 10:47 AM on December 13, 2019
posted by rpn at 10:47 AM on December 13, 2019
Consider getting there on your phone. The safety warning may be caused by your employer using traffic assessment with an eye to cracking down on staff. Check with your manager or policy manual to verify that web browsing is okay. I had an (crappy) employer give me grief for having a window active but minimized during work.
posted by theora55 at 11:28 AM on December 13, 2019
posted by theora55 at 11:28 AM on December 13, 2019
[And a followup administrative note here that, yup, we updated the SSL cert for *.metafilter.com in the last couple days and that's looking like the proximate cause here because of a small config error. Can confirm that it's not a security/danger issue, just a bad paperwork issue on our end that should be resolved today.]
posted by cortex at 11:42 AM on December 13, 2019
posted by cortex at 11:42 AM on December 13, 2019
(still happening but now i know how to click past it!)
posted by emirenic at 5:15 AM on January 18, 2020
posted by emirenic at 5:15 AM on January 18, 2020
« Older What should I do with the historical research I'm... | Help me use 100g / 3.5 oz of Ground Almonds Newer »
This thread is closed to new comments.
If you really want to bypass this, you can simply click the "proceed to www.metafilter.com (unsafe)" option that should show up under Advanced.
However, I would not trust your work system for any traffic that you expect to be secure/private (Metafilter or anything outside Metafilter).
posted by saeculorum at 9:07 AM on December 13, 2019