"This website looks pretty sus!"

Got that '95-'05 vibe, don't it? This is how most of the web looked before everything got filled with hooks, trackers, scripts, and miscelleneous embedded junk.

Sketchy looking websites like this one are actually extremely unlikely to do anything bad to your computer. This is out of simplicity: there simply isn't much going on here. This server is sending your browser text and images with a little formatting information. When you clicked this link, the server served up the text within this document. A website is just files, and a server is just a computer that sends copies of those files when asked. The documents being formatted poorly or in a very basic way does not make them dangerous. Quite the opposite, simple is usually more secure, as there is very little attack surface. Of course, I am a big believer that nothing is foolproof and everything can be hacked, so anything is possible, but simply cruising sus looking websites (so long as you don't download and execute any files, of course) is extremely unlikely to give you any sort of malware.

The simplicty of basic HTML and CSS also means a large degree in compatibility. When it's just text, practically any browser on any system can render it in a readable way. This site works just as well in Firefox on a desktop, Chrome on a laptop, Safari on an iPhone, or Lynx on a terminal. Hell, I've even tested it in IE6. Any browser, any operating system, it just plain works, which is pretty cool.

Also I'm not skilled enough to make it fancier, but that doesn't make the above any less true.

You might also be wondering why this website doesn't support HTTPS, and your browser may have warned you that it is not secure or unsafe. That would be true, if I were asking you to enter any personal information. If I did, then you should promptly nope the fuck out. So it is a good thing that I do not. HTTPS means the connection between your computer and the server is encrypted, which is very important when you are sending payment information and the like. But there is no personal data being asked for here, so there is nothing to bother encrypting. If I put a sign in my window is it fair to call it insecure when someone reads it?

I suppose one other threat might be the potential for a man-in-the-middle attack, wherein somebody impersonates this website and redirects your requests to the imposter, and you would have no way of knowing without actively monitoring what IP addresses your connections are going to. That said, I think in this context that is a relatively minor threat; and again, I don't ask for personal information here. I also don't get hardly any traffic.

Update: The site now does offer HTTPS, but it's not forced. Any browser made within the last 10 years should just automatically redirect to the HTTPS version. If your browser is HTTPS compatible but does not redirect you, replace "http://" with "https://" in your browser's URL bar. If your browser is not HTTPS compatible, the regular HTTP version should continue to work.

Back to home