Is tradeshack.au secure?
Secure is proportional to desire, effort and reward. – (Doc H)
What does that mean? All security can be breached, broken and removed by external actors. The return on investment of their time and resources is key to the determination to “get in”. Therefore, the Trade Shack is not storing any information that can be desirable or rewarding to a hacker.
It is a fair question, “is the tradeshack.au secure” in light of the recent hacks at Optus and other big companies, that have the budget to keep things safe and secure. We at the trade shack do our best to keep things secure. We do this by regularly checking for issues, as you can see on our membership levels page.
What is made by man, can be broken by man.
Just remember that, there is NO such thing as 100%. The level of security is directly related to the amount of time someone wants to put into getting to the information. For that reason we make it as hard as possible by using Security Certificates, Virtual Private Networks, Secured Servers instead of shared web hosting and Australia-based data centres, instead of some building somewhere in the world.
Our approach
Less is better
When you subscribe to the Trade Shack we do not ask much, and we store even less. The subscription payments are handled by Stripe and are secured end-to-end. Nobody can read that data. We do not store your credit card details or anything on our site.
For the Trade Shack to work we ask for an email to use to contact you and you can use it for logging in. Your postcode links you to a postcode community and that is about it.
If there is nothing for hackers to take, then why come and look for it? It is one of the views we have, there is nothing that is already in the public domain. If you are on Fakebook then your name address, email, friends and so much more is ready available.
Secure Sockets Layer (SSL)
This is very standard nowadays. Every good website has it and uses certificates. You can see the little padlock in your browser. If it is closed or green, then you have a Secured connection with the server. It is encrypted.
We use HSTS
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks[1] and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797.
There are many more protocols we use to make the site, but more so, your data is safe. We want you to know that we make sure that all information you receive and send to this site is for your eyes only. For that reason, we keep the site up-to-date will all the latest software updates, security updates and of course the good old manual eyes and hands-on.
Questions
Always use a VPN!
You can, but essentially it is no longer needed. All data sent and received from this site is encrypted, so ONLY YOU can see it. A VPN for using this site is overkill, you only should use a VPN if you have a “determined adversary” that puts one’s physical or digital safety at risk.
Sure use it for Netflix or avoid localised censorship, but if your thought is to make the data more secure, then you thought wrong. Here is a tip, turn on DNS-over-HTTPS and that solves your ISP snooping.
So to use this site securely, there is NO NEED FOR VPN.
Payments
Donations and Subscription fees are handled by Stripe. We do not collect or maintain any data for that. Your subscription renewal is done by Stripe we do not store or save that data.
Location
Our server is located in a Brisbane Data Center. Not overseas, like many others. We do not use cloud services, our server is not cloud-based nor is our data storage. It is an old and expensive way of doing things, but it works for us.
We have seen other sites that use shared hosting being spoofed, because we only have websites on this server that have real Australian owners, with whom we have direct contact and we know, and we believe we eliminate another level of possible issues.
Sharing
We do not share, sell or display your email without your approval. In the profile settings, you can set what you want to share.
We are not Fakebook. What is not known by many is that Facebook data mines all your information, habits, friends and where you live. It sells that data to other parties, that is how they make money.
We only will associate you with a Postcode as part of our Postcode Communities.
Conclusion
Can this site be hacked and is my data safe?
Every website can be hacked, it is a matter of time and reward. For hackers, there is no reward, other than a good laugh when changing page content. We are not like other big organisations that need to know everything about you. We only need email and postcode, that is it.
If you are worried about privacy, then using this site is the least of your worries. More data about you is collected when using Google, fakebook or just walking into a shop.
For that reason, we promote “Creating online connections for off-line communication”