Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
'HTTPS Everywhere' is a PITA
Posted Feb 29, 2012 1:11 UTC (Wed) by sjj (subscriber, #2020)
Many corporations use these nowadays.
Posted Feb 29, 2012 1:46 UTC (Wed) by smadu2 (subscriber, #54943)
Google chrome issues me a waring that the site's certificate is not trusted and I have to import my organizations "root certificate"). It even refuses to allow me further with out importing.
I would ask PITA or be secure?
Posted Feb 29, 2012 9:55 UTC (Wed) by puchalakd (guest, #28036)
It's not only about "this information is public, or private" it's about your security.
I have strong believe that LWN editors wouldn't include anything malicious. But the problem is that I'm using internet in a lot of different places and I don't have so strong confidence that owners (real ones, or the ones that "hack" into it) would not modify my traffic just because they can.
Please, take a look at the funny way to modify internet web access:
(rotate images in webpages, or make them blurry :) )
But someone can make that modifies more malicious. Include whatever thay want! And there is a pretty high chance that your browser will run this.
Unless you are very paranoid :)
Another problem is that even if I browse my favorite web site using HTTPS, there can still be some connections which are not secure.
Many sites are using external scripts, images, adds, tracking and so on.
If only one of this connection is not encrypted someone can modify that traffic and change it to something malicious. And even this famous Green bar with https would help you.
If someone want to protect himself/herself or is just curious what is really loaded with webpage please install and try to use RequestPolicy firefox add-on.
So it's not just a problem - Do I have something to hide when I'm browsing net?
The real problem is I don't want to be infected, lose control over my account @..., let someone post something that will make me look stupid, etc.
Posted Feb 29, 2012 14:44 UTC (Wed) by ewan (subscriber, #5533)
This is not always done as a result of people being funny; a significant fraction of mobile network operators will intercept requests for JPEG files and re-compress them to lower quality to save over-the-air bandwidth; this is a recurring source of complaints about poor image quality being posted to Flickr's help forum. Using HTTPS everywhere prevents that sort of misbehaviour.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds