Recent searches

No recent searches

Search options

Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.6K
active users

fosstodon.org: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.4

#httpseverywhere

0 posts0 participants0 posts today
Karl

HTTP or HTTPS?

I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

Is there any good reason *not* to use HTTPS?

#http#https#httpseverywhere
shaun

Maybe noteworthy to some:

If you see "https-rulesets​.org" in your #DNS logs going forward, there's a #browser somewhere on your network that needs attention.

The #HTTPSEverywhere browser extension, which was retired a couple years ago by EFF, periodically checked "https-rulesets​.org" for updates. That domain expired this week and got snatched up by a squatter. I don't think it resolved at all for most of 2024 and nothing should be querying it now.

:mima_rule: Mima-sama

This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

The #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

RE: https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

OfShad0ws

Расширение HTTPS-Everywhere больше не нужно, да-да. Режим встроен в браузер, конечно.
Тем временем рабочий gmail: зависает на минуту в этом режиме. На двух разных ОС, независимо от настроек DNS и флагов about:config

Есть ещё скрин, где минута уходит на некий "TLS Setup".
Выключил опцию. Посмотрим.

#Firefox#HttpsEverywhere#rant
Replied in thread
resist1984

@eff the whole point to the #HTTPSEverywhere db is to skip the lag of attempting a fetch that will potentially fail. This new version will require people to fetch the javascript file, execute it, then do another network fetch to check the site. How is that better than a browser that just tries HTTPS outright and reverts to http when it fails?

Continued thread
Som

pretends to improve the privacy by replacing some common JS libraries served through CDNs with locally stored copies. Not really sure how important the effect is (e.g. what fraction of all CDN requests is blocked this way), but it never broke any site for me, hence why not?

ensures that all sites supporting SSL connection do actually use it. A few years ago I took care to write the rules for my favorite sites myself. Now everything works mostly out of box.

Sven Brier

Es kommt vor, dass ich durch Browser Fremder das Internet betrachte und dabei regelrecht erschrecke. Daran merke ich, wie sehr ich daran gewöhnt bin, das Netz gefiltert durch die von mir installierten Browser-Erweiterungen zu betrachten. Viele Menschen wissen überhaupt nicht, wie leicht es ist, schöner zu browsen. ...

#Adblocker #Bitwarden #Browser #Cookies #Decentraleyes #Erweiterung #HTTPSEverywhere #Mailvelope #Passwordsafe #PrivacyBadger #Tracker #uBlockOrigin

svenbrier.de/7-browser-erweite

TrendingLive feeds
About