All modern web browsers have been changed to facilitate site censorship.

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2024 Poal.co

629

• (+8/-0)

Check sticky comment All modern web browsers have been changed to facilitate site censorship.

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website.

This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys.

Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider.

Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass.

Let's please put some pressure on web browser developers to revert this new behavior.

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website. This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys. Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider. Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass. Let's please put some pressure on web browser developers to revert this new behavior.

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (13).

[–] • 1 pt

Note that a lot of antivirus software that scans web pages inserts a special CA into your browser, in order to MITM the connection and see what's going over the wire protocol. And yes, it's a huge potential security hole.

parent
link

[–] • 0 pt

A lot of corporate firewalls do this too. Their machines all have a corporate root certificate installed and they use that to spoof the CA for whatever domain you're visiting so they can MITM whatever you're visiting from the corporate network.

parent
link