[yardstick]

Did you read the tweet?

They had to add this because browsers now often auto append https:// to manually typed domain entries anyway. So it loads on https, then redirects to a http-only subdomain.

This way you can still find any captive portals needing you to login/accept T&Cs/etc. Which is what neverssl’s core purpose actually is.

[iforgotpassword]

Sooo, you're behind a captive portal which blocks internet access. So you access an https website on the internet that will redirect you to http. Wat.

[JoshuaRogers]

The browser cachable bit is critical here. By having visited the page before, even though the network won’t allow traffic yet, the cached page performs a redirect to an unsecured page that the local captive portal CAN intercept.

[yardstick]

What Joshua said, plus some hotspots also whitelist some IPs, allow some HTTPS temporarily. The world of hotspots is a real mixed bag on how they do things.

[bityard]

Unless I'm missing something embarrassingly obvious, redirecting HTTPS->HTTP doesn't help those use cases at all.

[jsmith45]

When behind a captive portal, you need to load some page over http to allow the device MITM you. Nice devices will have built in captive portal checking, but not all devices are built nicely.

On some devices typing “neverssl.com” will try to resolve https://neverssl.com without any form of http fallback. It may be actually pretty difficult to type :// on some devices too.

On these devices, if you ever visit “neverssl.com” when not behind a captive portal, you will get a a catchable redirect to http.

Then the next time you are behind a captive portal, if you type “neverssl.com” the browser resolve it to https like always, but will remember the cached redirect, and try to load the http version, letting you land at the captive portal page.