Bottom line is...
We thought it was a good idea to have an encrypted address. or HTTPS for obvious reasons. I kind of raised it as a good idea.
No one ever saw anything before we had HTTPS. Because there was no https certificate to verify.
But because TOR and others does not recognise the certificate, thats when you get the message.
And i get it via tor every time i log in.
1) We go back to HTTP and no one sees any error messages over unencrypted address.
2) We stay as is. With an encrypted site. You cant go enrypted without a certificate. So we do have one.
3) We get an official popular certificate that requires someones addy and sign up etc which presents risks in itself. Any willing participants pm me.
It is fair to say that no one really understood the error message until it was implemented and this is first time its been brought up really. But i too find it irritating, but accept it as part of keeping under the radar and having an encrypted address. Personally im either in the 1) or 2) camp.
Its well worth an open discussion here to see what people think.
E2A - and we obviously take security very seriously and i think we are way above other sites and have the talent to implement it. If TOR and other commercial browsers cannot ratify the certificate. Its testament to its stealth that we can still have an encrypted address. The message saying "this site is not secure" is utter bollox. It kindo of means we are one step ahead of them.