mattmanser 6 days ago

Because without HTTPS it's trivial to MITM that clipboard content if they're always sending it via http.

People in your coffee shop on the same WiFi could read it.

I get some people don't realize that's how TCP/IP works and the Firesheep stuff all happened 15 years ago. But a bit worrying to see a frequent HN contributor challenging that.

That's why we now push for HTTPS everywhere.

charcircuit 5 days ago | parent | next [-]

>People in your coffee shop on the same WiFi could read it.

WEP has been deprecated for over 2 decades.

kstrauser 5 days ago | parent | next [-]

That has no effect on the owner of a malicious access point. HTTP over WPA2 is plaintext again the moment the AP decrypts it.

ants_everywhere 5 days ago | parent | prev | next [-]

You may be surprised at the number of unsecured WiFi networks there are.

I see them in 2025 in captive portals, public libraries, and when traveling abroad.

zamadatix 5 days ago | parent | prev | next [-]

Not all guest Wi-Fi uses a PSK. In general, assuming all networks will already be encrypted along each hop to the server is a losing assumption for users.

__MatrixMan__ 5 days ago | parent | prev [-]

HTTPS everywhere is a good start, it keeps the other plebs at the coffee shop out of your business. But it's still open to anyone with enough power to coerce a CA, which is the more concerning sort of adversary anyhow. So yes, HTTPS everywhere, but let's not stop there.

dannyw 5 days ago | parent [-]

Yes, but we have widely deployed efforts like certificate transparency, and cert pinning.

The first makes such attacks widely known events, browsers report by default, and it's provable. It's very rare.

The second allows apps to only trust specific certs or CAs, ignoring system root of trust.

I just want to clarify HTTPS in practice is quite secure.

__MatrixMan__ 5 days ago | parent [-]

I'll not let go of my distaste for roots of trust in any form, but you likely have a point. I'll have to learn more about this transparency thing.