As 2015 winds down, we remain committed to one of our major initiatives this year, security. Not as obvious or glamorous as UI/UX improvements, but critical and exciting (to us anyway) nonetheless.
Both Site Owners and Tapatalk users benefit from robust security efforts. We’ve even got one expert senior-level engineer who is wholly focused on security infrastructure. Additionally, with technical offices in North America, Europe, and Asia, we are literally monitoring systems 24/7. We can assure you that we are taking all steps possible to ensure that our Site Owner partners and app users are safe and secure.
Moving Images on SSL
Since Q1 2015, we have been making some Tapatalk hosted images available on systems that allows SSL (Secure Sockets Layer) in the URL. Today, we have started the process to sunset all non-SSL images by migrating all images to this the new platform. In order to support older user uploaded images, will require that existing URLs in the forum post content to be changed to point to the new location. This change also introduces the first stages in supporting IPv6 forums as the new image service provides both IPv4 and IPv6 access.
For all images that published to Tapatalk before November 2015, you will need to update your older image addresses. In the near future we will publish a detailed instuctions in a Knowledge Base post on how to update URLs, and provide a few months to complete the restructure.
We appreciate your understanding and your efforts in updating the URLs. We are making this change to continue to provide the highest possible level of security and compatibility as forums using SSL will no longer alert when serving mixed secure and insecure content.
Tapatalk Bug Bounty Program
About a year ago, we launched a Security Incident Response Web Forum (https://tapatalk.com/security.php). To encourage “whitehats” to report security related bugs in Tapatalk or in our Plugin, within the next week we will launch a Bug Bounty Program in Hackerone (http://hackerone.com/tapatalk). Over the past year, we have received more than 50 incident reports with 6 verified incidents, resulting in 5 security releases affecting 10 different forum systems.
Your security and privacy continues to be a top priority for Tapatalk, and the change in image URLs to HTTPS/IPv6 and the bug bounty program is a continuation of our on-going commitment to security.