| ▲ | JoshTriplett 2 days ago | |
> More generally, I support secure defaults but almost invariably disagree with disallowing users to shoot themselves in the foot. I agree with this. But also, there is a strong degree to which users will go track down ways (or follow random instructions) to shoot themselves in the foot if some site they care about says "do this so we can function!". I do think, in cases where there's value in collectively pushing for better defaults, it's sometimes OK for the "I can always make my device do exactly what I tell it to do" escape hatch to be "download the source and change it yourself". Not every escape hatch gets a setting, because not every escape hatch is supported. | ||
| ▲ | fc417fc802 2 days ago | parent [-] | |
> escape hatch to be "download the source and change it yourself" In theory I agree. In practice building a modern browser is neither easy nor is it feasible to do so on an average computer. Given that a nag message would suffice to coerce all mainstream operators (thus accomplishing the goals I've seen stated) I'm left unconvinced. That said, I'm not particularly bothered since the trivial workaround is a self signed certificate and the user adding an exception. It's admittedly a case of principle rather than practice. | ||