WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

733

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website.

This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys.

Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider.

Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass.

Let's please put some pressure on web browser developers to revert this new behavior.

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website. This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys. Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider. Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass. Let's please put some pressure on web browser developers to revert this new behavior.

(post is archived)

[–] [Sticky] 6 pts

I can't believe this is the post that caused me to register after lurking since voat went down.

You are misunderstanding the technology. This isn't the browser, it's nitter's requirement. You can view their certificate requirements in your browser.

You can't just "allow" an exception on nitter because nitter REQUIRES a secure connection. Their SSL certificate specifies this. Their certificate flags to use HTTP Strict Transport Security, which ONLY allows secure connections. The reason your nitter plugin or redirect won't work is because they took the precaution to ensure that morons don't just allow an exception in the case that they did become compromised. What you are experiencing is the protection working as intended.

Also, to help you out, there is a maintained daemon that tracks the uptime of nitter instances. Here is a handy link for you - https://github.com/xnaas/nitter-instances

That will show you which nitter instances are working, their uptime, and their response time. You aren't even supposed to make nitter.net your default instance, and because everyone does anyway, it gets rate limited. Nitter is software. Distributed software. You are SUPPOSED to use it distributed. So update your plugin or your bookmark to use an available instance. If you are using Nitter Redirect (plugin/extension), it's as simple as clicking on the icon, then copy/paste the address for one of the other instances.

I swear, sometimes the tin-foil hats are a wee too tight around here.

Good day, and welcome to the future.

[–] 0 pt

Okay, I posted a message as a quick response, then realized it didn't respond to what you'd actually said. Then I researched it, and now I'm ready to re-reply.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

The stated purpose of "Strict Transport Security" is to prevent HTTP fallback on sites that should only be connected to via HTTPS. It is not to only allow connections with valid certificates, and it shouldn't be made impossible to get around IMO, especially when the connection is via HTTPS, and when I can examine the certificate and see for myself why it's considered invalid.