|
|
|
|
|
|
by lmm
1867 days ago
|
|
|
> Correct. That is why the threat model of the information owner is what determines what a site serves. Information owners generally do have a threat model in mind. It is, after all, their information, their website, and their security policies that matter. Except it's often the user who is on the hook for the risk. You mustn't outsource your threat model to someone who doesn't necessarily care about you. Unless you're a sufficiently qualified security expert to be able to judge whether this instance is safe, the only reasonable policy is to never connect to a http website (or one that uses cloudflare, since they offer fake https to their customers). |
|
|