|
|
|
|
|
|
by woodruffw
1234 days ago
|
|
|
I think you're setting up a false dichotomy here: I believe strongly in client filtering and in empowering users to do whatever they need to do to flush out the junk that comes with the modern online experience. I do it on my own devices, though both browser extensions and a local DNS server. I'd even consider doing it with a root CA, if it came to that (but so far it hasn't). When I say "audit," I mean in the sense that existing ecosystems like CT already provide automatic auditability of certificate issuance. We're not talking about a private company sleuthing through your computer; we're talking about a way to enforce the stated security model that most users expect when a connection is described as "encrypted." |
|
|