info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
It's the end of the web as we know it, and I don't feel fine.
40 views
Skip to first unread message
superkuh
Nov 17, 2020, 12:38:35 PM11/17/20
to
HTTPS only comes from a good place. People want privacy from their
governments' pervasive spying. Unfortunately, by going full retard and
not allowing HTTP combined with the centralized nature of cert
authorities, this privacy push has and will result in a situation that
absolutely delights those same central governments. Because now they
will have full control of who can speak and who can not.
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
I give it about 3 years before all massive commercial browsers stop
allowing you to visit HTTP sites at all and Firefox only allows if you
use their unstable beta build.
HTTPS only, transport layer security only (for IRC, for SMTP, for HTTP,
etc), will be the end of personal autonomy on the internet. There are
only a handful of cert authories that actually get used as as each of
those get bigger they become more easily corrupted by money and external
government influence. We saw it with dot org. I doubt LetsEncrypt will
be significantly more robust over the same time scales.
HTTPS only is insidious. The very people we've come to trust are working
for our privacy are now working to solidify and centralize a system that
allows for a few big players to decide on whim (or otherwise) who can
speak. And it has to stop.
governments' pervasive spying. Unfortunately, by going full retard and
not allowing HTTP combined with the centralized nature of cert
authorities, this privacy push has and will result in a situation that
absolutely delights those same central governments. Because now they
will have full control of who can speak and who can not.
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
I give it about 3 years before all massive commercial browsers stop
allowing you to visit HTTP sites at all and Firefox only allows if you
use their unstable beta build.
HTTPS only, transport layer security only (for IRC, for SMTP, for HTTP,
etc), will be the end of personal autonomy on the internet. There are
only a handful of cert authories that actually get used as as each of
those get bigger they become more easily corrupted by money and external
government influence. We saw it with dot org. I doubt LetsEncrypt will
be significantly more robust over the same time scales.
HTTPS only is insidious. The very people we've come to trust are working
for our privacy are now working to solidify and centralize a system that
allows for a few big players to decide on whim (or otherwise) who can
speak. And it has to stop.
superkuh
Nov 17, 2020, 12:40:22 PM11/17/20
to
And no, self-signed certs won't be the solution. Most browsers already
put up giant scaremongering warnings about self-signed certs. It won't
be too long until they're not allowed at all in the big corporate browsers.
put up giant scaremongering warnings about self-signed certs. It won't
be too long until they're not allowed at all in the big corporate browsers.
Pinku Basudei
Dec 3, 2020, 2:56:35 PM12/3/20
to
On Tue, 17 Nov 2020 11:39:48 -0600
superkuh <supe...@superkuh.com> wrote:
>
> I give it about 3 years before all massive commercial browsers stop
> allowing you to visit HTTP sites at all and Firefox only allows if you
> use their unstable beta build.
>
Their blog says you can turn it off for now but as you say this may change in the future. The tech savvy can probably find a browser that allows http but the average user will just stick with what's comes with their phone.
superkuh <supe...@superkuh.com> wrote:
>
> I give it about 3 years before all massive commercial browsers stop
> allowing you to visit HTTP sites at all and Firefox only allows if you
> use their unstable beta build.
>
The happy wild west of 90's web is gone and tech companies that been working hard ever since on centralizing it in the name of safety but it's really about $$$ and who has more cash at their disposal than nation states? Amazon and Alphabet perhaps but other than that not many.
--
/ Pinku
Joe Blow
Dec 26, 2020, 4:17:27 PM12/26/20
to
On Tue, 17 Nov 2020 11:39:48 -0600, superkuh wrote:
> HTTPS only is insidious. The very people we've come to trust are working
> for our privacy are now working to solidify and centralize a system that
> allows for a few big players to decide on whim (or otherwise) who can
> speak. And it has to stop.
Browsers not using http doen't bother me much. You don't have to use an
> HTTPS only is insidious. The very people we've come to trust are working
> for our privacy are now working to solidify and centralize a system that
> allows for a few big players to decide on whim (or otherwise) who can
> speak. And it has to stop.
up-to-date browser. You don't even have to use a graphical one. Lynx is
100% free of all javascript exploits because it doesn't use Javascript.
My worry comes when the powers that be start forcing ISPs to monitor all
traffic and disallow unapproved traffic e.g. Tor onion services or other
services that are unable to be policed efficiently (usenet, irc).
superkuh
Dec 27, 2020, 9:06:52 PM12/27/20
to
The problem is that everyone else isn't going to be using a browser that
supports HTTP. So that means when you try to host a webserver from home
you either tether yourself to the whims of a certificate authority and
run HTTPS, go self-signed and have the browsers reject you anyway, or
just not care that the web is splintering into parts and that your
website will only be accessible to a small minority of geeks. I can
understand the last one but I don't want to give up on the web yet.
Regular users need to be able to access HTTP sites.
supports HTTP. So that means when you try to host a webserver from home
you either tether yourself to the whims of a certificate authority and
run HTTPS, go self-signed and have the browsers reject you anyway, or
just not care that the web is splintering into parts and that your
website will only be accessible to a small minority of geeks. I can
understand the last one but I don't want to give up on the web yet.
Regular users need to be able to access HTTP sites.
superkuh
Dec 31, 2020, 5:31:07 PM12/31/20
to
As of the latest Firefox release, 84, they have HTTPS Everywhere always
enabled and set in such a way to scaremonger and require user action
before HTTP sites are shown. This is the same way that self-signed certs
were eventually killed in corpoarate browsers.
https://blog.mozilla.org/blog/2020/12/15/our-year-in-review-how-weve-kept-firefox-working-for-you-in-2020/
>HTTPS-Only mode ... will also ask for your permission before
connecting to a website if it doesn't support secure connections.
I thought I was being very aggressive in my estimate of 3 years. But it
turns out it might happen even faster than that.
enabled and set in such a way to scaremonger and require user action
before HTTP sites are shown. This is the same way that self-signed certs
were eventually killed in corpoarate browsers.
https://blog.mozilla.org/blog/2020/12/15/our-year-in-review-how-weve-kept-firefox-working-for-you-in-2020/
>HTTPS-Only mode ... will also ask for your permission before
connecting to a website if it doesn't support secure connections.
I thought I was being very aggressive in my estimate of 3 years. But it
turns out it might happen even faster than that.
ajxs
Feb 27, 2021, 10:08:30 PM2/27/21
to
You've raised a really good point about the susceptibility of
certificate authorities to coercion. Don't forget that there's still a
lot of alternative web protocols without such issues that are accessible
through other means: Gemini, Gopher, freenet, .onion, etc.
Firefox and Chrome, despite these organisations becoming increasingly
threatening to online freedom, are still open-source software. Don't
forget that there are forks of these projects designed to support online
freedom, such as GNU IceCat or Brave.
I agree with the overall sentiment that we are heading towards a more
_cyberpunk_ future with regards to how we access information. The future
of decentralised information access might come in more novel forms than
you think.
certificate authorities to coercion. Don't forget that there's still a
lot of alternative web protocols without such issues that are accessible
through other means: Gemini, Gopher, freenet, .onion, etc.
Firefox and Chrome, despite these organisations becoming increasingly
threatening to online freedom, are still open-source software. Don't
forget that there are forks of these projects designed to support online
freedom, such as GNU IceCat or Brave.
I agree with the overall sentiment that we are heading towards a more
_cyberpunk_ future with regards to how we access information. The future
of decentralised information access might come in more novel forms than
you think.
d...@inanna.eanna.net
Aug 27, 2021, 3:34:29 PM8/27/21
to
Surf, are very good browsers for Lynx fans.
I'm using Firefox 91. In Settings just select -- Don???t enable HTTPS-Only
Mode. No problem.
--
(__) Sourcerer
/(<>)\ O|O|O|O||O||O
\../ |OO|||O|||O|| Cyberpunk's not dead. It's just not
|| OO|||OO||O||O fiction anymore...
rtr
Nov 26, 2021, 7:35:24 AM11/26/21
to
On Tue, 17 Nov 2020 11:39:48 -0600
mandatory then the ones who can issue certs has the say to who has the
right to exist on the internet. I think it's also worth noting that
there are alternative protocols but it's really something of a moot
point.
It's nice to have alternatives to exist once the web becomes really
uninhabitable but I hope it doesn't get to reach to that point.
rtr
Nov 26, 2021, 7:39:58 AM11/26/21
to
use HTTP since no one's going to see your site anyway.
rtr
Nov 26, 2021, 7:43:14 AM11/26/21
to
development of the web and web browsers have become prohibitive such
that only a few giant entities have the capacity or the resource to
produce a web browser. If only a web browser can be more easily
developed but is still user friendly and doesn't break "normie" sites
then it would be good.
0 new messages