WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

1.4K

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website.

This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys.

Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider.

Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass.

Let's please put some pressure on web browser developers to revert this new behavior.

You may have noticed that nitter.net's SSL certificate expired last night. You may also have noticed that your browser no longer gives you the option to temporarily add an exception for the website. This change is (supposedly) intended to increase internet security, by preventing people from visiting spoofed websites. I guess I understand; most normies won't read the pop-up and will just bypass the security mismatch. I'd be unsurprised if a few got caught by DNS exploits or drive-bys. Thing is, this means that if you're unable to obtain a PKI certificate for your website, or if some government invalidates your certificate, you've been effectively censored off the internet. You could put up a plain http server, but then all communications and all URLs visited can be logged by an outsider. Right now, chrome has a "secret" bypass for the behavior; click on the background of the warning page, type "thisisunsafe" on the keyboard, then reload, and you can get on. Firefox has no such bypass. Let's please put some pressure on web browser developers to revert this new behavior.

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (13).
[–] 0 pt

Okay, I posted a message as a quick response, then realized it didn't respond to what you'd actually said. Then I researched it, and now I'm ready to re-reply.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

The stated purpose of "Strict Transport Security" is to prevent HTTP fallback on sites that should only be connected to via HTTPS. It is not to only allow connections with valid certificates, and it shouldn't be made impossible to get around IMO, especially when the connection is via HTTPS, and when I can examine the certificate and see for myself why it's considered invalid.