guys, we should ditch https because it's toxic max-security, we shouldn't have the bare minimum of security, it's hurting our real internet experience of a popup warning because how there are third world bug people who constantly engage being bad actors to every normal person on the internet but we will NEVER talk about that. should we ditch https for some homemade security layers?
>>108607681 >make http site >not secure >pay fee to jews >now https >secure how does this work?
>>108607752 they bully you by getting a CA, but (((they))) don't want you to know that you could actually just get it for free anyway
>>108607681 >http site >not paying a jew for -suhm, BASED! >insecureeee waaaah waaaaah! provide a .onion too
Anyone can intercept the traffic of a static site by simply visiting it.
>i-if sites don't have https everyone will be able to see the sites you visit!!! The site is a personal blog, I don't care if anyone else sees that I'm visiting it, maybe whoever is eavesdropping on my connection might find it interesting too. I would, however, like to have encryption when I'm sending messages to my contacts, because nobody needs to read my private conversations. >NOOOOOOO actually privacy is le bad! i-if you have nothing to hide you have nothing to fear!!
>>108607681 >bare minimum of security requires 7 billion lines of code and 3 phds to implement from scratch
>>108608605 It's not just about encryption. Without HTTPS you have no way of knowing if the data you're receiving is from the website you're trying to access or if it's been intercepted and replaced with something malicious.
>>108607752 You can do https with a self signed certificate. It's just more convenient to use a trusted third party instead of manually verifying public keys for each website.
>>108607752 the video op neglected to link to explains it in great detail https://youtu.be/M1si1y5lvkk
>>108608605 we can see what sites you visit by watching your DNS requests, https has nothing to do with it
>>108607752 >pay for a cert tell me how I know you don't belong here
>>108608892 I just saw it before this thread. tldr boomer is too stupid to install certbot or move his domain to cloudflare
>>108609630 So true fellow man of culture! Cloudflare is so hip and cool, those damn boomers who refuse to use its advanced protection and extraordinary features are just NPCs beep beep am I right?
>>108609630 >tldr boomer is too stupid to install certbot or move his domain to cloudflare if you believe this then i don't believe you watched the video, because for one that's not at all the point of the video, and also what he did instead was a deliberate "fuck you" to browsers like chrome putting up warnings for any site not using https and his solution is far, FAR, more difficult than just folding and setting up certbot/cloudflare
If a website takes no input from the user, then https isn't required.
>>108609672 the video is complaining about just that. that his personal website that has been there since the '90s that doesn't handle anything private at all is now causing big scary warnings in modern browsers simply because it's not https. so he goes full malicious compliance by rolling his own https proxy encryption handling that is as deliberately hilariously insecure as possible. if you've seen any of his previous videos you know it's gonna be gud
>>108609630 >boomer is too stupid to install certbot or move his domain to cloudflare he says about a guy who wrote a 25-page paper for SIGBOVIK about the subject and how he practically worked around having a secure website while having a "secure website". i bet you feel so intelligent for just doing what google asks you to do as they intend you to do it.
>>108609630 >cloudflare the global MITM
>>108609630 >tldr boomer is too stupid to install certbot or move his domain to cloudflare
>>108609630 okay retard
>>108609630 His publication history makes it obvious he's not stupid. And while he holds a minority position it's not exactly fringe or extremist. If anything it's on the rise among everyone who doesn't operate their own peering/surveillance networks. It's actually illegal in all 5 eyes countries to blanket wiretap unencrypted traffic, it's only legal for encrypted traffic. Think about it.
quic/http3 is just a ip
did tom publish the code? I don't feel like reading the 20 page paper. I imagine it's all C since he did ML in c
>>108611149 >It's actually illegal in all 5 eyes countries to blanket wiretap unencrypted traffic, it's only legal for encrypted traffic. Think about it. suddenly things make more sense
>>108611803 yes, he did https://sourceforge.net/p/tom7misc/svn/HEAD/tree/trunk/httpv/
>>108609630 Check the date on that video and then come back here. He does this every year.
>>108611965 Is anyone else still even making sigbovik videos? It's been years since I've seen anyone else's and every time I check the roster it shrinks.
>>108609630 >cloudflare >these random hiccups since 2024 >used to be actually 99% uptime
>>108612049 It's unironically Rust and AI to blame.
>>108607681 >should we ditch https No. >for some homemade security layers? Especially no. That's only going to make it worse. Security through obscurity is no real security at all. However, we probably should ditch the "use https for everything" approach we're using today. Do I care if my ISP, the government, or anyone else watching my connection can see that I read a web page about the history of light bulbs or whatever else? Do they care that I did? No. Then why secure that with https? But definitely still use it for anything that's handling a password, card number, bank details, etc.
>>108612223 >Then why secure that with https Because mitm can inject malicious content otherwise.
>>108612239 Javascript was truly a mistake.
>>108612248 Javascript itself is fine. AJAX is the mistake.
>>108608635 can't you just copy and paste it, do you have to like redesign your whole website just to have https?
>>108612223 but you're not only reading about light bulbs because the light bulb web page wants to make money, they'll have ads and those ads will track you to "optimize your experience" aka manipulate you. they will (they did) build a profile for you, so they can show you ads that you are more likely to click. and now viewing that light bulb web page not only tells everyone en route that you're interested in light bulbs, but also your ad profile via the content of the ads. you're getting ads for dragon dildos, extra small condoms and diapers for a reason. every time you open an unencrypted page with ads. your ad profile alone is worth encrypting all traffic. >hurr i have an adblocker
>>108611149 >. It's actually illegal in all 5 eyes countries to blanket wiretap unencrypted traffic, it's only legal for encrypted traffic. wut? u making this up popo?
>>108607681 Glownigger tracking thread
TOFU is the correct way to do TLS so you don't need CAs.
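Added example (not part of any post in this thread): a minimal sketch of the trust-on-first-use check mentioned above, which automates the "manually verifying public keys for each website" step from the self-signed certificate post. `TofuStore`, `PinMismatch`, `demo` and the certificate byte strings are hypothetical, constructed names and values.

```python
import hashlib
import hmac

class PinMismatch(Exception):
    """The host presented a different certificate than the pinned one."""

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as hex."""
    return hashlib.sha256(der_cert).hexdigest()

class TofuStore:
    """Trust-on-first-use pin store keyed by host:port (hypothetical helper)."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key = f"{host.lower()}:{port}"
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact is unauthenticated: whoever answers gets pinned.
            self.pins[key] = seen
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Interception or a legitimate key rotation; never re-pin silently.
        raise PinMismatch(f"{key}: pinned {pinned[:16]}, saw {seen[:16]}")

# Constructed stand-ins for DER bytes; a real client would pass
# ssl.SSLSocket.getpeercert(binary_form=True) from a CA-less context.
CERT_A = b"constructed-cert-A"
CERT_B = b"constructed-cert-B"

def demo() -> list:
    store, out = TofuStore(), []
    for cert in (CERT_A, CERT_A, CERT_B):
        try:
            out.append(store.check("blog.example", 443, cert))
        except PinMismatch:
            out.append("mismatch")
    return out
```

The store cannot tell an interception from a routine certificate renewal, so a mismatch has to be resolved out of band before the pin is replaced.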
>>108614040 NTA, but in USA if you argue to a Court that they spied on you without a warrant and you had a "reasonable expectation of privacy" then the Judge will throw out the evidence.
>>108614182 https://en.wikipedia.org/wiki/Parallel_construction
>>108608635 wife.
>>108607681 i love the ability of applications to create traffic that the user has no ability to decipher :) >trust me goy, it's secure hehehe
>>108607752 HTTPS (Hypertext Transfer Protocol Secure) encrypts data between a web browser and server using Transport Layer Security (TLS). It ensures data integrity, confidentiality, and authentication via a "handshake" process, where a server presents a certificate, and a secure session key is exchanged, securing communication from eavesdropping.
>>108607752 certbot is entirely free.
Started watching the video to see how far I'll get before getting angry, but was pleasantly surprised. It's actually a cool way to serve just-my-prose websites because hotel routers and american ISP middleboxes will see TLS handshake and fuck off.
very cool tom, now i can't see your website at all. this is what happens when you work at google and only test for chrome, i guess?
>>108607681 This latest glavset campaign is really scatterbrained and retarded.
this video might be the easiest test for retards /g/ has yet encountered. there is nothing wrong with malicious compliance for his purposes
>>108618286 what about the fact that some users now can't access his site at all
>>108618293 it's left as an exercise to the reader
>>108618298 No one can force me to exercise!!!
>>108615725 yes, and? that's a complete tangent. datacenters in utah collect all encrypted traffic. unencrypted traffic is not collected.