|
|
|
|
|
|
by rsj_hn
1863 days ago
|
|
|
> I agree that stating that TLS does not garuntee security. But, plain unencrypted HTTP does mean insecure. No, it does not. These are bold statements made without evidence that your personal preference should override the threat model of information owners -- that they must worry about something they have looked at and chose not to view as a threat. I once had a website that had Hebrew drills, so you could look up the construct forms of various nouns and other grammatical information. I did not care if an attacker in a coffee shop or other public network was trying to intercept that site and give a victim incorrect Hebrew words. It was not a threat in my threat model. So I did not use https. My website, my information, and I know the threat model to use. My site would not have been more "secure" if everything was encrypted. There would be no meaningful benefit to anyone from me doing that, and being a security professional, I was not interested in security theater, but only actual security. > We should _never_ expect regular non-technical users to have all of their threat models in mind Correct. That is why the threat model of the information owner is what determines what a site serves. Information owners generally do have a threat model in mind. It is, after all, their information, their website, and their security policies that matter. They are the ones in a position to decide whether they care if their http responses are altered or not in targetted attacks on public networks. Obviously a site that accepts credentials or displays sensitive information is very different from a site that displays verbal patterns. The fact of the matter is that in many cases, there is no need to care and no real security benefit to encrypting the site. |
|
|
Except it's often the user who is on the hook for the risk. You mustn't outsource your threat model to someone who doesn't necessarily care about you. Unless you're a sufficiently qualified security expert to be able to judge whether this instance is safe, the only reasonable policy is to never connect to a http website (or one that uses cloudflare, since they offer fake https to their customers).