[ksjskskskkk]

https everywhere is literally throwing the baby with the bathwater. yeah we got a little better at hiding content, still leaking ton of metadata, and still vulnerable to all the root CAs in your browser... and lost cache and everything else that http had.

[jbotz]

> https every[where] is literally[1] throwing [out] the baby with the bathwater[2].

1) That would be figuratively, not literally, as there's no literal baby in HTTPS-everywhere that I know of.

2) What is HTTPS-everywhere throwing out? Which part is the baby and which is the bathwater? I don't think this is the right expresion to use here, not even figuratively.

[dllthomas]

> no literal baby in HTTPS-everywhere that I know of

Well not anymore. We threw it out.

[jkubicek]

literally

[ksjskskskkk]

on 2: caches for one

[gruez]

>and still vulnerable to all the root CAs in your browser...

certificate transparency makes this very risky to pull off, making it all but useless unless you're trying to catch a international terrorist or something.

[ksjskskskkk]

you forget systems have humans in them. most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations. those are usually CAs signed by the CAs in your browser.

so, yeah, a gov abusing this is very bad and visible. scammers profiting from the complexity and humans in the machine, is very common.

[gruez]

>most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations

Source? If true they're grounds for ejection from root certificate programs of various OS/browsers.

[ksjskskskkk]

karpersky writes about then from time to time. since its not the CA key but some CA signed by those CA they just revoke that one and move on and nobody cares. last year (or the one before) they discussed this at length on the mozilla chats before the meeting

[verisimi]

> and lost cache and everything else that http had.

A genuine loss, and also the ability to zip imagery.

[Avamander]

Was it a loss? I don't think so. It was either ineffective, stale or a massive privacy issue. We're better off with local caches.

[verisimi]

The zip images? It meant that less data was being sent. Same with the cache.

The worst of it was that internet providers wanted to tamper with data, and insert this or that advert into what they sent. The absence of that is a good thing.