rawTOP

One other thing I should mention… I strongly encourage you guys to start using DNS over HTTPS ("DoH"). Right now what goes between your web browser and my server is encrypted. But when your computer first resolves the domain name into an IP address – that is done in clear text. So anyone with network access can see that you're visiting this site – they just can't see what on the site you're looking at. While your OS should support DoH, it probably doesn't. Mozilla is the organization pushing the hardest for DoH, and they've put a work-around in the Firefox browser that lets you get around the fact that your computer doesn't support DoH. Here's how to turn on DoH in Firefox… Go into Preferences Search for "DNS" Click on the Settings button for Network Settings Click the checkbox next to "Enable DNS over HTTPS" Click the OK button After that point your DNS queries will be encrypted – but just for the stuff you look at in Firefox. If you want to read further about this, check out this article… https://blog.cloudflare.com/dns-encryption-explained/ The short version is that there are two primary ways to do encrypted DNS – DoH and DoT (DNS over TLS). DoH does the request over the same port as normal web requests (when you're requesting a web page). DoT uses ports that have been traditionally used for DNS. A lot of corporate and government firewalls (even ISPs) force DNS queries to go through their DNS servers. Which means they can monitor the sites you go to and stop you from looking at things they don't like. DoT continues that model – it just encrypts things along the way. Governments and corporations who want to control what you look at are terrified about DoH. The UK was planning to block porn, but they finally gave up when they figured out that DoH (and VPNs) will make it impossible to do what they were planning to do. DoH will also be a huge help to dissidents around the world – DoH makes it incredibly difficult (more or less impossible) for governments to control what their citizens see. And that's a VERY good thing!

There will be a series of downtimes over the coming week or two. I just want to explain what's happening… It all started by realizing that I need to encrypt portions of the database. There was a data breach in Spain that exposed details on over 300,000 cam site customers. In the discussion about it on an industry forum it became clear that sites like this need to encrypt certain types of data. New privacy laws (GDPR in Europe as well as an even more strict one that in California) strongly encourage data encryption for user data – especially when it involves "Your money or your life!" (money, health, sex, etc.). Since you guys talk about HIV and other health conditions, and share your sex lives, the laws apply to this site. The irony is that much of what I'll be encrypting is publicly accessible and indexed by Google. But bureaucrats are humorless and probably wouldn't understand how the information being public makes a difference. But even so, there are aspects of this site (your private messages, etc.) that would clearly benefit from encryption. And while what Google sees may not be enough to identify you, if you add to it unseen details like your IP address that are stored in the database, together it might be enough to identify you. I should pause for a moment and say there are many things that can be encrypted when it comes to the web. Your passwords have always been "hashed" (a form of encryption). The information passed between your web browser and my server have been encrypted for a number of years now. This next step is about encrypting the data in the database that's "at rest" – meaning the files on disk. This won't completely secure the data, but it reduces the number of ways hackers can get the data. Anyway I did a little research and realized I needed a database upgrade in order to encrypt the data. I asked my host to upgrade me from MySQL 5.6 to MySQL 5.7. They said it would probably take a half hour. So far so good. Then when the upgrade was supposed to happen a more senior tech chimed in and said something like "You're running Debian, and on Debian we only support MariaDB. We don't support MySQL on Debian." We had a back and forth where I considered a major OS upgrade (which would require me to change servers) and finally I just decided on a migration from MySQL to MariaDB. The OS upgrade can wait until next year. Well, his initial guesstimate is 4-8 hours of downtime for the migration to MariaDB. He has to do some tests to get a more accurate number, but hopefully that will happen in the next few days. It's unclear whether the encryption can be done during the upgrade or whether it will be done afterwards. If afterwards there will be even more downtime, and it will be substantial since some of the tables that need encryption are large. If you have questions about any of that, just ask.

It's worth mentioning that DrScorpio & I were dealing with frequent spam reports prior to this change, but it's been quite a few days now with zero reports (knock wood). One Russian spammer did try to post to this thread, but that's a completely different problem. But since links are no longer allowed, he accomplished nothing. Hopefully how things are set up now doesn't feel like punishment for new, legit users (at least not for too long a period).

It's not appropriate for new members to rate things. Ratings are supposed to reflect the opinions of the community, and new members haven't proven themselves to be part of the community.

Use the lost password feature.

As mentioned in the other thread, I can enable links on a per-domain basis. Just explain why that domain merits the link. I'm closing this thread. All further discussion should happen in the other thread.

OK, based on the recent comments I've made some changes. In particular I've added another member level so it's now… New Members Junior Members (new) Members Senior Members (previously "Trusted Members") Hopefully "Senior Members" doesn't sound like old people, but it balances Junior Members conceptually. So people like @fuckyouraw777 and @AsiaCuckare now Junior Members. "Junior Members" have more abilities than the old "New Members" – it should feel more like it used to for them when everyone was in "Members". The bar to get from "New" to "Junior" is much lower than it previously was from "New" to "Members". With the standard path it's half the time period, and then there just needs to be a little public activity, and a little rating of that activity by other members. There's also an accelerated path for people who post a fair amount of content and it's particularly well-received. Since it's easier to get out of "New Members" I've restricted their abilities even more. Fewer messages, no ratings, etc. If you're in that group your job is to prove you belong here and that you'll make a positive contribution to the BZ community.

In your case it's a matter of how people have rated your content. Often I see reputations that are 2x the number of posts. Instead you're 0.5x the number of posts. So ratings are your weak spot. Basically not enough members have vouched for you. I'm pretty sure the spammers are trying to get people to follow links that put malware on people's computers. It's serious and can't be ignored. That said, the tools I have to control the situation with spammers are limited. I'm doing what I can, but I see the problems just as much as you do. It's a balance.

FYI… Any pending account deletion requests have been lost. Sorry about that. Deletions are done via a 3rd party plug-in to the core software. An update was needed, so I did the update. Then the plug-in stopped working. When I tried to uninstall and reinstall the plug-in it took down the entire server (a rogue process went into an infinite loop). My host managed to stop the rogue process, but then the theme for the site had gotten corrupted, somehow. So I reinstalled that, and then deleted the account deletion plug-in and reinstalled it. Everything seems to be working again, but in all of that the data on pending account deletion requests was lost. So if you want your account deleted you'll need to go into settings and request it again.

I've upped the message limit from 3 to 5 for new members, and complained to the software developer about how the limit was implemented. The admin interface says the limit is "Conversations allowed to start per day", which implies that you should be able to reply to any message sent to you. And once a conversation is started you should be able to send an unlimited number of messages to that person. But based on your comments that's clearly not the case. I've also suggested that messages to admins and moderators not be included in the caps.

Each day (or 24 hour period, not sure which)… New Members can do 8 posts, 5 ratings, and start 3 conversations in messenger Members can do 25 posts, 10 ratings, and start 25 conversations in messenger Trusted Members can do an unlimited number of posts, 30 ratings, and start 50 conversations in messenger I'm open to tweaking those settings if people can explain why it's a good idea. As far as ratings, I'm thinking of putting New Members down to 0. If they don't know the feature exists, then they won't miss it. And the idea behind ratings is that established members (who define the community) say what's good and bad.

Length of time since you joined is the reason you're not a full member. I'm not going to state the criteria because spammers/hackers could use that information. I'll put in a different case to deal with folks like you – it will lower the time limit and up the other criteria. You'll be close, but not quite at the limits I'm thinking of.

Yeah, sorry. You be in "Members" not sure why you're showing as "New Members". I just changed a few things. Hopefully the system works now. Though it's not quite set up how I'd like at the moment. But one step at a time (and no guarantee that I won't mess it up in the future when I try to "improve" things).

I've changed the user groups up and it makes a difference to what you can do on the site. Basically "members" has been split into 3 groups: New Members Members Trusted Members New members can do very little on the site. They can only send a few messages, they can only post a few posts. They can rate only a few items. "New" is defined by a few things – length of time since you joined, how many posts you've made, and how those posts have been rated. Being low on any of those will make you a "New Member". Members are those who have been here a while, done a bunch of posts, and had them well-received. Trusted members are people who have been here a long time, done a lot of posts, and had them well-received. If a trusted member stops being active on the site eventually they will get demoted down to member, but actively participating will get them back to Trusted Member status. Notice that "well-received" is a criteria in all the statuses. This means that down voting a post can slow a person down in achieving the next highest status. So those of you who are long-time members with the ability to do a fair number of ratings, please use that to slow down potentially problematic members. As you go up in status you can Post more posts Rate more things Upload bigger images and files Have more galleries with more images Have more blogs In addition, moderators will be more lenient as your status goes up. This will be especially true for Trusted Members – the points they'll be given will be lower, and hence the consequences less. One change that's been made across the board is that everyone can now delete their own images, galleries and blogs. (I finally got past a problem that was preventing me access to the settings that control that). That will reduce the workload on moderators.

You should now be able to delete your gallery images and albums. It's no longer necessary to get a moderator involved. If you continue to have problems, post on this thread.

OMG! The OP went off on me in email. I'm not sure I would have given him an infraction for what he said, but he clearly throws the word racist around WAY to glibly. Racist is a serious word that should be reserved for truly bad stuff. That said, yes, porn (gay and straight) is probably racist. But I doubt it's more racist than any other part of society. In fact, I'd say it's probably a bit less racist. And yes, porn stereotypes people. But porn isn't real life. Porn is selling a product and the product sells better when it follows a stereotype. That said, personally I find sites that only have all-white pretty boys really boring. But historically those sites were the last to go bareback. Personally I call their porn "condom free", not bareback. Real bareback porn doesn't give a shit what your skin color is. Real bareback porn only cares about how big of a pig you are. How hot your dick looks going in a hole, or how hot your hole looks taking raw cock. To come onto a bareback site and complain about racist porn… Sorry but you're barking up the wrong tree. We really don't care about your race.

I've gotten a few inquiries the past few days via email and Twitter about people who can no longer access the site. Let me explain what's changed… My server is under CONSTANT attack. I spend a crazy amount of time trying to stop hackers and malicious bots. Then there are the spammers, who you've probably encountered. And lastly there are the assholes who often start out complaining about something (often they're insulted they got an infraction – they have this mentality that they should be able to do absolutely anything they want). Anyway, discussions with them can go downhill quickly and at some point I just ban them. If they actually threaten the site, I often ban their IP address as well as their ability to login (so they don't just create another use and cause problems that way). Anyway, out of all those scenarios there are quite a few IP addresses that need to be banned. In the past if an IP address was banned here, it wasn't banned on my other sites. If it was banned on my other sites it wasm't banned here. Well, that's changed. Now if an IP address is banned on any site, it's banned from the entire server for a year (from the date of the last problem). AND if enough IP addresses are banned in a range of IP addresses, then the entire range is banned and the ban goes for a year past the last problem date for any IP in the range. Honestly, I'm not sure how this manifests when it's happening, but it would be one of two things – either 1) It takes a while but you finally just get a timeout error message from your browser saying something like "unable to connect to host", or 2) Your browser gives you an error message saying the connection was refused. In both cases it won't be a pretty error message like you get sometimes on here (a page that still looks like Breeding Zone, but has an error). Instead it will be a default error message from your browser. Clearly, if you're reading this, then it's not affecting you, but it might in the future, or you might hear of someone else having the problem. What's important to realize is that, if it happens, you aren't being penalized (unless your an asshole who got himself banned), but rather your IP address is being penalized. What this means is that if you connect via another IP address, things will probably work again (unless the next IP you try is also banned). In most cases you can get another IP address if you turn off your Internet router when you to go bed and plug it back in when you wake up in the morning.

This thread is locked again because of responses like ^^^^ this ^^^^ – people who are too lazy to read the thread which states over and over that posting here accomplishes nothing.

I'm seeing 11 people in chat right now. So I'm assuming there's no fundamental problem.

I've put in a change request with my hosting provider. When it's implemented the following will no longer be supported: Android version 4.3 or less (you need v4.4 or greater) Internet Explorer version 10 or less (you need v11 or greater) Safari 6 (Mountain Lion) or less (you need v7 / Mavericks or greater) In other words if you're running something that's more than 6 years old, it will stop working. The minimums listed above were all released in October 2013. 6 years is a LONG time in the world of technology. The reason for this change is that TLS 1.0 & 1.1 (TLS is the successor to SSL, which you've probably heard about) are considered insecure and in order to keep this site's A+ security rating I need to stop supporting them.

You pretty much have to go on meds when your CD4 count drops below 500, definitely when it gets to 350. AIDS is no fun and it kills. But until that point you can and should do what feels right to you. It's your body, no one can dictate what's right for you. [I'm gonna move this into the health section. This isn't poz fetish as much as a health-related question. Send me a DM if you don't want it in a public section of the site.]

Honestly, I haven't got a clue. At some point this site will be migrated to code I will have written. At that point I'll know how things work. But there's a lot about the current code that's a bit of a mystery.

I should mention that some of you who had spam sent to you… Yesterday I deleted the spam, but then created a different problem where you weren't able to use messaging. That was corrected this morning after about a half dozen of you sent support requests.

I should also mention that I've improved the handling of how problem IP addresses are handled on this site and on my other sites. Without going into too many details anyone who is caught doing something harmful here or on my other sites will have their IP address banned from my entire server for at least a year. I'm especially strict on IP addresses from China. I ban them by the 100s every month. Before I started all this I had about 40% bot traffic on my sites (bots that execute Javascript, not including the good bots like Googlebot that just crawl and index pages politely). Now that number is under 5%.

As many of you know, there's been a problem with spam in private messages here on the site. So, I'm implementing some changes that affect both private messages and forum messages. First, you'll see the message "[think before following links]" before URLs. Second, there will no longer be an actual link you can click – you'll just see the URL. You'll need to copy and paste the URL to go to the page. Which means links will look like this… [think before following links] https://www.youtube.com/channel/UCmxVgx1LO77mPwr8r__FQ3g That said, if it's on my list of trusted domains, there will be a link you can click along with the note to think before you click… [think before following links] https://bbbh.com [think before following links] http://rawtop.com If you want a domain added to the list of trusted domains, reply to this thread and explain why. Twitter and Instagram are on my list already. YouTube will not ever be on the list because there is a way to exploit certain YouTube URLs to have them direct you to another site. That said, YouTube video URLs will continue to embed the player. And tweet URLs will continue to embed the tweet. Here are some examples… A YouTube embed… A tweet embed… In both cases you paste the URL, wait a moment, and the URL will be replaced with the embed. Just remember on tweets the account can't be marked as containing sensitive media or else the embed may not work properly. The account (not just the tweet) has be completely PG-13. Hopefully this will put a dent in the spam that's been happening on the site. 🤞