| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by quasiuna 1152 days ago
	Is this a joke? Seems to be the most bizarre example of a pivot for a service with such a straightforward purpose. It’s like a vegan meat company also selling pork sausage just in case they miss out on some passing carnivores.

2 comments

yardstick 1152 days ago

Did you read the tweet?

They had to add this because browsers now often auto append https:// to manually typed domain entries anyway. So it loads on https, then redirects to a http-only subdomain.

This way you can still find any captive portals needing you to login/accept T&Cs/etc. Which is what neverssl’s core purpose actually is.

link

iforgotpassword 1152 days ago

Sooo, you're behind a captive portal which blocks internet access. So you access an https website on the internet that will redirect you to http. Wat.

link

JoshuaRogers 1152 days ago

The browser cachable bit is critical here. By having visited the page before, even though the network won’t allow traffic yet, the cached page performs a redirect to an unsecured page that the local captive portal CAN intercept.

link

yardstick 1151 days ago

What Joshua said, plus some hotspots also whitelist some IPs, allow some HTTPS temporarily. The world of hotspots is a real mixed bag on how they do things.

link

bityard 1152 days ago

Unless I'm missing something embarrassingly obvious, redirecting HTTPS->HTTP doesn't help those use cases at all.

link

jsmith45 1152 days ago

When behind a captive portal, you need to load some page over http to allow the device MITM you. Nice devices will have built in captive portal checking, but not all devices are built nicely.

On some devices typing “neverssl.com” will try to resolve https://neverssl.com without any form of http fallback. It may be actually pretty difficult to type :// on some devices too.

On these devices, if you ever visit “neverssl.com” when not behind a captive portal, you will get a a catchable redirect to http.

Then the next time you are behind a captive portal, if you type “neverssl.com” the browser resolve it to https like always, but will remember the cached redirect, and try to load the http version, letting you land at the captive portal page.

link

LeoPanthera 1152 days ago

Did you actually read the post? It's quite clear, and doesn't break the purpose of the site at all. It actually makes it work in more places.

link