What's the issue?

Several whitelisted BOINC projects either do not have SSL (HTTPS) encryption support or their certificates have significant issues (cert mismatch or vulnerabilities).

SSL encryption can easily be implemented for free via LetsEncrypt! LetsEncrypt provides secure SSL certificates for free and with the recently created Certbot (by EFF)

Without SSL encryption, a man in the middle (an individual between you and the BOINC web server) can potentially intercept your plain-text user account credentials for the affected project.

If you use Boincstats/BAM then your BOINC project accounts and BAM account all share the same password, so an individual 'man in the middle' attack on an insecure project could yield the user account credentials for 30+ websites.

We're talking about 7-9 projects with questionable/no SSL encryption support, so if we were to agree it should be enforced it's quite possible that projects are voted out of the whitelist.

We've been reaching out to BOINC projects for several months now, check out the latest progress report.

Info regarding how likely MITM attacks are: https://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare

Thoughts?

Cryptocointalk thread

Twitter post - like & retweet!

How can I vote?

Windows users:

Launch Gridcoin client & fully sync the blockchain. If your wallet is encrypted, fully unlock the wallet (not just for 'staking only'). Click "Advanced" , then click "Voting". Right click on the poll with the Question "Should SSL encryption be mandatory for whitelisted BOINC projects?" Click the "Vote" button in the context menu that appears. A voting window should appear. Check one of the checkboxes (Yes/No). Click the "Place Vote" button. If you get a warning/error, fully unlock your wallet and repeat the above steps.

Linux users:

QT Wallet:

Launch the Gridcoin wallet (QT) & fully sync the blockchain. Fully unlock your wallet. Navigate to the Debug Console (Help - Debug Window - Console (tab) ) Enter one of the following commands:

For yes : execute vote ssl_enforcement_poll yes

: execute vote ssl_enforcement_poll yes For no: execute vote ssl_enforcement_poll no

Terminal:

Launch the Gridcoin wallet (QT) & fully sync the blockchain. Fully unlock your wallet.

e. Enter one of the following commands:

For yes : gridcoinresearchd execute vote ssl_enforcement_poll yes

: gridcoinresearchd execute vote ssl_enforcement_poll yes For no : gridcoinresearchd execute vote ssl_enforcement_poll no

Extra info