home.social

#httpseverywhere — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #httpseverywhere, aggregated by home.social.

  1. HTTP or HTTPS?

    I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

    Is there any good reason *not* to use HTTPS?

    #http #https #httpseverywhere

  2. HTTP or HTTPS?

    I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

    Is there any good reason *not* to use HTTPS?

    #http #https #httpseverywhere

  3. HTTP or HTTPS?

    I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

    Is there any good reason *not* to use HTTPS?

    #http #https #httpseverywhere

  4. HTTP or HTTPS?

    I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

    Is there any good reason *not* to use HTTPS?

    #http #https #httpseverywhere

  5. HTTP or HTTPS?

    I'm building a new static website, minimalist design etc, mostly about my hobbies and interests. Although, who knows, maybe in the future I will cover more controversial topics ...

    Is there any good reason *not* to use HTTPS?

    #http #https #httpseverywhere

  6. FEDI SECURITY ISSUE (please boost)

    When we attempted to access a page at fediverse.party recently, we were served a page with an insecure connection, this is despite using #TorBrowser, which supposedly has #HttpsEverywhere?

    So does anyone know what is going on here? Is fediverse.party susceptible to a #downgradeAttack?

    Please boost so we can get to the bottom of it.

  7. Es kommt vor, dass ich durch Browser Fremder das Internet betrachte und dabei regelrecht erschrecke. Daran merke ich, wie sehr ich daran gewöhnt bin, das Netz gefiltert durch die von mir installierten Browser-Erweiterungen zu betrachten. Viele Menschen wissen überhaupt nicht, wie leicht es ist, schöner zu browsen. ...

    #Adblocker #Bitwarden #Browser #Cookies #Decentraleyes #Erweiterung #HTTPSEverywhere #Mailvelope #Passwordsafe #PrivacyBadger #Tracker #uBlockOrigin

    svenbrier.de/7-browser-erweite

  8. Maybe noteworthy to some:

    If you see "https-rulesets​.org" in your #DNS logs going forward, there's a #browser somewhere on your network that needs attention.

    The #HTTPSEverywhere browser extension, which was retired a couple years ago by EFF, periodically checked "https-rulesets​.org" for updates. That domain expired this week and got snatched up by a squatter. I don't think it resolved at all for most of 2024 and nothing should be querying it now.

  9. Maybe noteworthy to some:

    If you see "https-rulesets​.org" in your #DNS logs going forward, there's a #browser somewhere on your network that needs attention.

    The #HTTPSEverywhere browser extension, which was retired a couple years ago by EFF, periodically checked "https-rulesets​.org" for updates. That domain expired this week and got snatched up by a squatter. I don't think it resolved at all for most of 2024 and nothing should be querying it now.

  10. Maybe noteworthy to some:

    If you see "https-rulesets​.org" in your #DNS logs going forward, there's a #browser somewhere on your network that needs attention.

    The #HTTPSEverywhere browser extension, which was retired a couple years ago by EFF, periodically checked "https-rulesets​.org" for updates. That domain expired this week and got snatched up by a squatter. I don't think it resolved at all for most of 2024 and nothing should be querying it now.

  11. Maybe noteworthy to some:

    If you see "https-rulesets​.org" in your #DNS logs going forward, there's a #browser somewhere on your network that needs attention.

    The #HTTPSEverywhere browser extension, which was retired a couple years ago by EFF, periodically checked "https-rulesets​.org" for updates. That domain expired this week and got snatched up by a squatter. I don't think it resolved at all for most of 2024 and nothing should be querying it now.

  12. This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

    The
    #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

    RE:
    https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

  13. This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

    The
    #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

    RE:
    https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

  14. This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

    The
    #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

    RE:
    https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

  15. This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

    The
    #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

    RE:
    https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

  16. This push for #HTTPSEverywhere would've been perfectly fine if it just focused on #HTTPS / #TLS / #SSL as an option always available. But no, it also pushed for it to be mandatory (even if it doesn't make sense if you look at the #threatmodel), and as a result pretty much everything in the #web cannot be accessed with a #browser that doesn't have an up-to-date enough TLS support. Which is fine I guess if you're on a modern computer anyway, but a pain if you're on #retrocomputing. ​:seija_coffee:​

    The
    #LetsEncrypt #centralization is also a serious concern, which is why I avoided using it for my #VPS.

    RE:
    https://hamishcampbell.com/a-balanced-and-pragmatic-approach-to-native-openweb-security/

  17. I wonder how many companies have gone out of business simply because they didn't use https for their websites.

    #httpseverywhere

  18. I wonder how many companies have gone out of business simply because they didn't use https for their websites.

    #httpseverywhere

  19. I wonder how many companies have gone out of business simply because they didn't use https for their websites.

    #httpseverywhere

  20. I wonder how many companies have gone out of business simply because they didn't use https for their websites.

    #httpseverywhere

  21. I wonder how many companies have gone out of business simply because they didn't use https for their websites.

    #httpseverywhere

  22. DYN that by default #Azure #functions do not enforce #HTTPS only? Rather you must configure HTTP to redirect to HTTPS.

    Also, interestingly enough I found this factoid in an Azure Docs section on VNet integration.

    #httpseverywhere #appsec #security #cybersecurity #cloudsecurity

  23. DYN that by default #Azure #functions do not enforce #HTTPS only? Rather you must configure HTTP to redirect to HTTPS.

    Also, interestingly enough I found this factoid in an Azure Docs section on VNet integration.

    #httpseverywhere #appsec #security #cybersecurity #cloudsecurity

  24. Setting up #mastodon has gotten me to get my #email working. I've kinda been procrastination about it.

    I've got everything working fine until I got to #dovecot it's saying my #ssl #certificate is bad. It's a #httpseverywhere cert, so it should be good. Works on my browser.

    Help?

  25. Setting up #mastodon has gotten me to get my #email working. I've kinda been procrastination about it.

    I've got everything working fine until I got to #dovecot it's saying my #ssl #certificate is bad. It's a #httpseverywhere cert, so it should be good. Works on my browser.

    Help?

  26. La morte di Peter Eckersley, il fondatore di Let's Encrypt, ha sconvolto gli informatici di tutto il mondo

    poliverso.org/display/0477a01e

  27. La morte di Peter Eckersley, il fondatore di Let's Encrypt, ha sconvolto gli informatici di tutto il mondo

    poliverso.org/display/0477a01e

  28. La morte di Peter Eckersley, il fondatore di Let's Encrypt, ha sconvolto gli informatici di tutto il mondo

    poliverso.org/display/0477a01e

  29. pretends to improve the privacy by replacing some common JS libraries served through CDNs with locally stored copies. Not really sure how important the effect is (e.g. what fraction of all CDN requests is blocked this way), but it never broke any site for me, hence why not?

    ensures that all sites supporting SSL connection do actually use it. A few years ago I took care to write the rules for my favorite sites myself. Now everything works mostly out of box.

  30. #DecentralEyes pretends to improve the privacy by replacing some common JS libraries served through CDNs with locally stored copies. Not really sure how important the effect is (e.g. what fraction of all CDN requests is blocked this way), but it never broke any site for me, hence why not?

    #HTTPSEverywhere ensures that all sites supporting SSL connection do actually use it. A few years ago I took care to write the rules for my favorite sites myself. Now everything works mostly out of box.

  31. @lauteshirn

    Auf dem Handy habe ich browserunabhängig #Blokada, #Warden, #UntrackMe und #AFWall.

    In Fennec #ublockorigin, #httpseverywhere, #decentraleyes und #bitwarden.

    Die Geräte von Frau und K1 sind genauso eingerichtet.

    Eine Zeitlang hatte ich noch #Shelter am laufen aber das hat irgendwann Probleme verursacht... Ich weiß nur leider nicht mehr, welche. :-/

  32. @lauteshirn

    Auf dem Handy habe ich browserunabhängig #Blokada, #Warden, #UntrackMe und #AFWall.

    In Fennec #ublockorigin, #httpseverywhere, #decentraleyes und #bitwarden.

    Die Geräte von Frau und K1 sind genauso eingerichtet.

    Eine Zeitlang hatte ich noch #Shelter am laufen aber das hat irgendwann Probleme verursacht... Ich weiß nur leider nicht mehr, welche. :-/