External links broke certificate

Is there idea delete external links for security issues?
Image: http://oi60.tinypic.com/2rc5shd.jpg
This can be better for user privacy.

Note: This discussion was imported from Loomio. Click here to view the original discussion.

Nothing is broken. I don’t think that blocking external content is wise since much content on the internet is hosted without encryption. Since no sensitive information is being transmitted to those websites that users are linking to, there is no reason to block it. Diaspora is for sharing, not blocking.

We dealt with this in redmatrix by proxying insecure content through our own server. It’s “usually” images which do this, but videos (e.g. any embedded media) are also a culprit. The biggest issue we encountered is youtube which generally provides all its links (even when using oembed from an https source) as http. We just looked for those specifically and converted to https since we know YT has SSL and we didn’t want to be proxying petabytes of video streams through our servers.

This is a nightmare caused by the browsers, but we just have to deal with it the best we can until people (e.g. browser vendors in particular) see the light that decentralised communications offers over the darkness they are still trying to force on us.

One can also usually set browser preferences to handle insecure content on the page “the old way” (which allows you to ignore it), but getting all your site/network members on board granting a lower-security configuration to their various browsers isn’t realistic.

@mikemacgirvin You can force Youtubes oEmbed endpoint to https: https://github.com/judofyr/ruby-oembed/pull/34