#insecureconnectionwarning — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #insecureconnectionwarning, aggregated by home.social.
-
@BleepingComputer : when using untrustworthy networks, use a browser that supports "warn for insecure connections" - and enable it (my advice: do both anyway).
Note that it is near-impossible to redirect an https connection without a certificate error - until said connection has been successfully set up. After that happens, only the target website can redirect the browser.
• Firefox uses a stupid name: "HTTPS-only". That's misleading because it only means that you'll be warned for insecure http connections (which can be enforced and hijacked by an evil twin, when not demanding https).
• Chrome on Android is stupid too: "Always use secure connections" (default: off). Also we'll have to wait one more year for this to become the default: https://security.googleblog.com/2025/10/https-by-default.html.
• Safari on iOS/iPadOS: "Not Secure Connection Warning" (also off by default).
To test: open http://http.badssl.com - your browser should warn you (instead of showing the web page), but allow you to use http.
Important: most browsers will *remember* your choice to allow an insecure connection to a specific website (based on the domain name). The criteria to "forget" such an exception vary per browser.
#AitM #MitM #EvilTwin #HTTPSonly #InsecureConnectionWarning #Firefox #Chrome #Safari