|
|
|
|
|
|
by CiPHPerCoder
2889 days ago
|
|
|
Protecting users from malicious ISPs (or the criminals that hack malicious ISPs) is a huge win for anyone. > Factorio's community? Erm... no. Trolls just don't exist in that community. HTTPS isn't about protecting "secretive" shitty people. It's about protecting everyone. |
|
|
But ultimately, I don't think that this vague concept of "privacy" when applied to a game guide really matters. People normally don't shuffle books and anonymize themselves as they put books back onto the library cart for example.
And I'm old enough to remember physical library cards with the names of everyone who checked out a book. I don't recall any privacy concerns about that. But maybe I'm just old-skool or something.
-------------
With regards to malicious ISPs MITMing their users: they kinda control your DNS requests, so good luck with that. I'm not sure if there really is a way to fully secure against an ISP-level attack against the users.
An ISP can always inject into the HTTP -> HTTPS redirection, and serve HTTP right there and then. HSTS assumes that the user has visited a clean version of your site before, if a new user comes in without ever seeing the HSTS, then the ISP still "wins" and captures your users on a fake HTTP version of your site.
So no, the level of attacks you've described, I don't believe HTTPS solves the problem.