| ▲ | foobiekr 3 hours ago | |
It’s html. Which is code that your browser executes. Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection. This position is foolish. It’s not a major ask to enable https. | ||
| ▲ | themafia 2 hours ago | parent [-] | |
The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks. You cannot browse to sites under any regime and execute code while expecting security to exist. | ||