by dingaling
2046 days ago
> Alice should either host her photos on Instagram, or learn how to run letsencrypt.
Both leading to further centralisation of the Internet.
> by providing installers to inject CAs into system cert stores
That's already pointless on Android, user-installed CAs are ignored by default unless an app developer opts in to using them.
Once we go down this path there's no turning back to the user-centric Web of the 1990s / 2000s

And? App developers should opt in to ignoring transport security. I’m sure a bunch of Android shitware attempts to install CAs either via user interaction or exploitation.
> Once we go down this path there's no turning back to the user-centric Web of the 1990s / 2000s
The landscape we live in now is very different to then. I’m all for a free web, but not at the cost of security. The web is now a multi billion trillion dollar industry. Weakening security just so Bob can see Alice’s holiday pics in a situation where Alice can’t figure out letsencrypt is frankly unhinged.
If you want a ‘free web’ you’re welcome to disable any HTTPS enforcement and disable TLS cert checking entirely. Hell, fork a browser, be very clear about the security weaknesses and publish on GitHub if you feel that strongly, I’ll even star it for you.