Secure site for online donations?

I saw a request for donations (>=$5) on the Arduino IDE download page (arduino.cc/en/Main/Donate).

I am sure many in USA and elsewhere would like to donate, but would balk at entering credit card information on a non-secure web link, what with all the CC thefts going around.

Why not setup a https site for donations and perhaps add a link to PayPal (in addition to CC) at least for those of us State-side? Just a suggestion.....

Second that. Why can't this be anonymous ?

Download links to the latest IDE now lead to donations page. Firefox tells that the page is partially encrypted. Some links from popup frame seem to be encrypted and go to checkout.stripe.com and stripecdn.com. Still could not find a way to check the cert. Is this channel encrypted and legitimate? Just not very enthusiastic to submit a credit card details over unecrypted link.

The sensible thing is to be cautious.

Maybe if the Arduino folks notice that few donations are made they will fix the problem - but don't hold your breath.

I also wonder who is the beneficiary of those donations in view of the internal strife between the Arduino founders - see this Thread

...R

I would be happy to view an ad in support of the site.

I do not see why an ad isn’t appended to the bottom of each forum page.
I find I do not scroll to the very bottom of the page, so like many others, we wouldn’t even see the ad.

It would be a simple way of generating revenue. The sheer numbers of impressions would provide something, no one would even have to click them. They could allow members to ‘opt-out’ in the profile settings, however most people probably won’t care (people that do, usually/should have an ad blocker).

pYro_65: I would be happy to view an ad in support of the site.

That brought to mind the fact that Stackoverflow has no product sales behind it, is completely free and is probably very much larger than the Arduino Forum.

And it was pioneered by two guys whose blogs make very interesting reading.

...R

and it deals with Arduino questions.

The JS script and the following requests are via https.

Specifically: https://arduino.cc/en/pub/js/software_download.js https://checkout.stripe.com/checkout.js https://sourcemaps.stripe.com/checkout/checkout.js.map https://checkout.stripe.com/v3/somehash.html https://a.stripecdn.com/checkout/v3/checkout/inner-hash.js https://js.stripe.com/v2/ https://a.stripecdn.com/checkout/v3/checkout/loader/web-hash.js https://checkout.stripe.com/api/bootstrap?locale=en&key=pk_live_hash

And our: https://api.arduino.cc/stripe/charge Are all under https so the contribution transaction is safe.

If you want to check the cert please go here: https://api.arduino.cc/stripe/charge and look at the validated cert.

The transaction cannot be anonymous because especially in EU it is needed for CC verification.

@Robin2 please read http://arduino.cc/en/Main/ContributionFAQ

To see were funds land to.

mastrolinux:
@Robin2 please read http://arduino.cc/en/Main/ContributionFAQ

To see were funds land to.

Thank you Luca,
That was not really the point I was trying to make. I specifically said “who is the beneficiary” in the sense of who among the 5 Arduino founders would ultimately benefit when the dispute ends.

Donations are a matter for the person making a donation. I just wanted to ensure they were aware of the dispute in case that affects their decision. I am not, and will not be a donor. I have very generously paid £50 for a Yun that should cost no more than an RPi.

…R

@mastrolinux thank you for confirming that all the information goes over https. Still I would have felt more comfortable with the style of donations page that for example wikipedia has than with a simple popup frame that is very difficult to inspect.

@kallek we are working on full https support for many Arduino websites. Legacy code is hard to fix :)

@mastrolinux possibly I imagine it too easy. Theoretically a search for "http" in all the code and replacing with nothing should fix 95%. URLs starting with "//" are protocol independent.

@Wene83 it is much more difficult than it. A cache system used as load balancer too, is still in production. The software used for it doesn't support https so we need to remove this layer and substitute it with nginx microcaching and a different load balancer. This means to rewrite and test many files and servers.

In addition the arduino.cc page is composed using data from blog.arduino.cc (via RPC API) and WordPress does not support (crazy thing) both http and https protocol at the same time. It also writes full URL (with scheme included) in the DB. Because of that we need to migrate the blog as first, than the website.

There are other smaller issues I will not explain here but even if seems simple I can assure you is not.

The migration started one month ago and involved in addition moving the blog to another server (it was done one month ago with no service interruption).

Other servers and dns need to be migrated. Add to this the fact that lately we had dns issue and you can see why we are so careful before migrating everything.

Every new feature is designed with https support in mind (contribution page data, arduino day website).

More news on this forum and blog.