sneak 5 days ago

Apple did something similar in 2015:

CVE-2015-3774

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3774

https://lists.apple.com/archives/security-announce/2015/Aug/...

You had to three-finger press to trigger it, though. Similarly, it used unencrypted HTTP. I reported it and it was fixed to use TLS.

The dev defending this unencrypted behavior is really wild, though.

koito17 5 days ago

Most Chinese sites do not use HTTPS. In fact, TLS 1.3 traffic seems to be completely blocked within China's internet.[1] The decision to use plain HTTP is only strange from a Western viewpoint. Note: I am not defending this behavior. I still remember the era of ISPs injecting content into webpages. But it's important to keep in mind our subset of the world does not reflect the rest of the world.

[1] https://news.ycombinator.com/item?id=24093932

sneak 4 days ago

It does reflect the rest of the world; China is the extreme outlier here.

Also, accessing GitHub from within mainland China works, so TLS is not completely banned.