|
|
|
|
|
|
by deadowl
3608 days ago
|
|
|
The URL that's supposed to redirect to HTTPS is still vulnerable to MitM. It can be modified in transit to serve up the same data as the HTTPS URL, but in plaintext, and potentially with a different form action attribute, etc. There are different things that can help with that, but none of them universally protect privacy. |
|
|
To be more specific, I'm referring to the "Don't break the Web" section in the article.