Websites are not explicitly obligated to use SSL (TLS) certificates because of the GDPR.
If this website is not collecting any of your personal data, GDPR does not concern it.
If you believe the content of your message is too private or confidential, don't use stupid BK forum PM.
viewtopic.php?f=22&t=2689Asking permission to use cookies has nothing to do with SSL (TLS) certificates.
I believe this website fits into the exception:
Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29pdf include:
user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
authentication cookies, to identify the user once he has logged in, for the duration of a session
user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
load‑balancing cookies, for the duration of session
user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.
http://ec.europa.eu/ipg/basics/legal/co ... dex_en.htm