[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Repo-criteria-discuss] HSTS screw?
From: |
Mike Gerwitz |
Subject: |
Re: [Repo-criteria-discuss] HSTS screw? |
Date: |
Wed, 12 Oct 2016 19:15:03 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
On Wed, Oct 12, 2016 at 12:02:19 +0200, Hanno Böck wrote:
> You can certainly do that by either modifying your browser or using one
> that doesn't support HSTS.
>
> But I think it doesn't achieve what you want. As far as I understand
> your goal is to choose a site to connect to that many other people use
> in order to avoid identification of you.
>
> However if you access Wikipedia through HTTP while almost everyone else
> uses HTTPS then this is a very identifying pattern.
HSTS is just an extra level of security that tells your browser that it
should never try HTTP. If your browser doesn't support it, that doesn't
mean that the webserver will allow you to use HTTP---it is not possible
to access wikipedia.com over an HTTP connection; it will always force a
redirect. Just as I have my webserver configured to never allow HTTP
connections. Different webservers may have different configurations
(e.g. google.com).
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com
- Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, (continued)
- Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Michal Grochmal, 2016/10/10
- Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Juuso Lapinlampi, 2016/10/10
- Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Richard Stallman, 2016/10/10
- [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/10
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/10
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/11
- Re: [Repo-criteria-discuss] HSTS screw?, Hanno Böck, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/12
- Re: [Repo-criteria-discuss] HSTS screw?,
Mike Gerwitz <=
- Re: [Repo-criteria-discuss] HSTS screw?, Richard Stallman, 2016/10/13
- Re: [Repo-criteria-discuss] HSTS screw?, Mike Gerwitz, 2016/10/13
- Re: [Repo-criteria-discuss] Savannah and HTTPS, Mike Gerwitz, 2016/10/10
Re: [Repo-criteria-discuss] [Savannah-hackers-public] Savannah and HTTPS, Paul Smith, 2016/10/10