by elondaits 287 days ago
What about a malicious DNS (on a public spoofed or hacked WiFi) that forwards you to a lookalike domain? Unfortunately many times public WiFi doesn’t work with Google’s or Cloudflare’s DNS servers (I think the Deutsche Bahn’s WiFi was such a case, if I remember correctly, but I know I came across a few in the last few years while traveling). I don’t think there’s anything protecting against that when you’re using a browser.

Sometimes circumstances force one to connect to a public WiFi (e.g. airports, where WiFi is always super dodgy).

3 comments

I don't think a malicious DNS server can redirect your request to a domain that does not result in a certificate warning when using HTTPS.

With browsers adopting DoH, a public WiFi should not be able to interfere with DNS much.

HSTS solves this to some extent. If you've visited the domain in the past (or the site operator submitted to the HSTS preload list), a different certificate presented would be flagged by your browser.

Not a different certificate, but one signed by an untrusted authority. HSTS won't let you bypass it.

There used to be a Firefox addon that could warn you if the actual certificate changed, but it died with manifest addons.

It isn't too useful nowadays, is it? With most websites' certificates being from Let's Encrypt or similar CAs, automated via ACME with lifetimes of up to 90 days, and this getting reduced in the future to only 47 days, every month you'd need to accept any website's new certificate.

Also, does HSTS have something to do with the authority? AFAIK it only forces the browser to use HTTPS and never plain HTTP for that domain, but if you switch from a legit Let's Encrypt to a legit ZeroSSL cert, HSTS won't care about it; only the browser if you have a not-trusted certificate from another CA (or self-signed).

Your better websites use "HSTS Preloading" to ensure users always get sent to the https version of the site - in which case even if the attacker redirected the DNS resolution, you'd just get an SSL error as the attacker wouldn't have a valid certificate.

Of course, an astonishing number of (even important, high-profile) websites don't bother with HSTS preloading ¯\_(ツ)_/¯
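To make concrete what the thread says HSTS does and does not do (it forces https:// for a host the browser already knows about, and says nothing about which CA signed the certificate), here is an added example, not code from any commenter: it parses a Strict-Transport-Security header, checks it against the published preload submission requirements (max-age of at least one year, includeSubDomains, preload), and mimics the browser's http-to-https upgrade for hosts covered by a stored policy. The header values and hostnames are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# Preload list submission requirements (hstspreload.org): max-age >= 1 year,
# plus the includeSubDomains and preload directives.
PRELOAD_MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; None when max-age is missing."""
    max_age, include_subdomains, preload = None, False, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return None if max_age is None else HstsPolicy(max_age, include_subdomains, preload)


def preload_eligible(policy: HstsPolicy) -> bool:
    """True if the header would be accepted for preload list submission."""
    return policy.max_age >= PRELOAD_MIN_MAX_AGE and policy.include_subdomains and policy.preload


def hsts_upgrade(url: str, known: Dict[str, HstsPolicy]) -> str:
    """Rewrite http:// to https:// when the host, or a parent domain whose policy
    has includeSubDomains, is in the browser's HSTS store; else return url as-is."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url
    labels = (parts.hostname or "").split(".")
    for i in range(len(labels)):
        policy = known.get(".".join(labels[i:]))
        if policy and (i == 0 or policy.include_subdomains):
            return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
    return url


# Constructed sample headers, as a browser might have cached them from earlier visits.
SAMPLE_HEADERS = {"example.com": "max-age=63072000; includeSubDomains; preload",
                  "weak.example": "max-age=300"}
KNOWN = {host: parse_hsts(value) for host, value in SAMPLE_HEADERS.items()}
```

Note that nothing here inspects the certificate: a spoofed resolver still gets the browser to https://, and only the TLS validation that follows decides whether the page loads.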