I have found a beautiful website for playing chess online with a human opponent. There are no ads. You are not asked to pay anything. You submit no personal information. The only thing the site knows is your web address and a unique identifier pertaining to this particular chess match. The site is called PlainChess. It is accessed only with an HTTP URL. Which makes me wonder whether it is safe.
It has the following characteristics:
You enter the URL (http://plainchess.timwoelfle.de) and up pops the entry page, which looks like this:
The person playing White enters a unique string identifying this game, such as
Bob_2020-04-04-2131hrs
The person playing Black at another location must enter the exact same string.
Up pops a chess board on the screens of both players:
From here on, the only additional information transmitted by a player to the website is the instruction to move a chess piece to a particular location on the board. The website then transmits to both players an image of what the board looks like after the move is made.
My questions are:
- Can a hacker extract any useful information from the flow of data between players and website? All the hacker can extract presumably are the web addresses of the players and useless material on chess moves? Can this be used for bad purposes?
- Can a hacker insert insidious code to the website to hijack the game... For example, code that inserts an ad, or causes a jump to another website, or invisibly sends a virus to the players? (I would guess that the answer to this question will depend on what steps the website programmer has taken to stop this from happening.)
- Am I right in thinking that a hacker can always insert malicious code if they can impersonate the site's programmer, but that there are steps the programmer can take to make this very difficult?
- Is it possible for the designer of the website to transmit invisible malware to your computer, that may be hostile, that Opera will not flag? I suspect the answer is yes, easy peasy. If yes, then one has to trust the designer. In this particular case, I do.