Support 911Blogger


A Message from Bob McIlvaine: The 10th Anniversary Campaign

 

Dear Friends,

My name is Bob McIlvaine. Many of you know me because for the last ten years I have been speaking out for a proper investigation into the murder of my son, Robert McIlvaine, on September 11, 2001.

I am writing you directly because today is the start of the fundraising drive for the 10th Anniversary Campaign, and we need your support to make this campaign the size that it needs to be to generate overwhelming public demand for a new 9/11 investigation.

Many of you have supported Remember Building 7 for the past year because you understand that Building 7 is the key to raising public awareness about 9/11. Today a mere 14% of New Yorkers know the name of Building 7, 3 out 4 have never seen footage of it, and 1 in 3 don’t even know a third building collapsed on 9/11. When most New Yorkers and millions of others in cities across the U.S. are finally exposed to footage of Building 7 on TV – as this campaign will do – some serious questions will start to be asked, even in the mainstream media. When those questions become too difficult to ignore, calls for a new investigation will multiply exponentially.

Please go to RememberBuilding7.org and donate generously. Our movement has grown by leaps and bounds in the ten years it has existed. We must now stand together and realize the full potential of our numbers worldwide, from the most dedicated activists, to those who are informed but have never taken action. We will never have a better opportunity than now.

Thank you for supporting our efforts.

Sincerely,

Bob McIlvaine
Father of Robert McIlvaine

Security warnings when making a donation

I just made a donation with Paypal, and twice during the processing my browser displayed a warning that

"this web page contains content that is not being sent from a HTTPS connection. This may have consequences for the security of the whole web page" (my translation, I use a Dutch languaged browser)

It probably has to do with the AE logo graphic that's being displayed on the Paypal page not being hosted on a HTTPS server.

I fear that people may have cancelled their donation because of these security warnings. This should be fixed asap imo.

Problem occurs with their recommendation of asking us to store header image only on secure (https) server. Though you can store image on http: server also, but it will give a warning to your users that the payment page contains insecure items.
http://reviewofweb.com/how-to/paypal-https-ssl-image-storage-hosting-and-paypal-payment-pages-customization/

arie

Your assessment seems correct.

We're talking about http://www.ae911truth.org/images/newbanner500x65.png.

I've verified that this problem ceases when this image is not loaded. Problem is, AE911Truth's SSL offering is self-signed and therefore not a valid alternative.

Here's a possible solution:

http://www.sslpic.com/

However, I don't know the people behind this site, so I don't know if this is trustworthy. And they would see everybody who loads the AE911Truth picture this way, indicating they are about to donate to AE911Truth, in fact constituting a privacy leak, just like this situation which we wanted to remedy.

Thanks for this

Thanks for this troubleshooting friends.

I am relaying this information to the proper people at AE.

HTTP(s)

The problem must be the (s) missing in the HTTP URL for the image. We will look into this ASAP and thanks for reporting this!

HTTPS/SSL

world911truth, unfortunately it isn't so simple. Using Secure HTTP, over Secure Sockets Layer (SSL), involves more than just appending an 's' to the URI scheme. This protocol requires the webserver to be configured to support it and listen on the TCP port (443) reserved for it. It requires obtaining a signed certificate from a certificate authority.

AE911Truth has completed some of these steps but its SSL certificate is apparently self-signed. There's nothing wrong with that per se, but browsers will still regard it as unsafe, since your OS doesn't, by default, ship the means (the CA public keys) to verify the authenticity of such a self-signed certificate.

See: http://en.wikipedia.org/wiki/Transport_Layer_Security

Thus, hosting the image on AE911Truth's HTTPS service won't change much at this point. The solution I proposed would, but at the cost of trusting the external service not to collect information about AE911Truth's donors. The alternative is hoping potential donors will not be scared away by browser security warnings. So, it's a bit of a dilemma, I think. If AE911Truth has or knows trusted parties (e.g. another well known and reliable 9/11 truth website) who have a fully configured HTTPS service running with CA-signed certificates, the matter is solved, they could host their logo there.

Just donated. One problem...

... regarding non-US donations is that the form requires one to specify a "state", even when one selects a country other than the USA from the drop-down list.

The "state" field accepts two characters. We don't have "states" in Finland, but fortunately what I put there did not interfere with the payment. But I do find this odd, and some non-US donors might be more perplexed by this.

Nevertheless, everyone please donate now.