For any site you visit nowadays, HTTPS should be offered by default...

betanews.com/2016/07/31/google-com-http-strict-transport-security-hsts/

is he right?

Other urls found in this thread:

merriam-webster.com/dictionary/retarded
twitter.com/SFWRedditGifs

Not an argument. Why should things that have no reason to be encrypted be encrypted? Why should every website have to maintain a cert for content that isn't important enough to warrant needing encryption?

The answer to that is easy.

To make the NSA's current way of work impossible.
Encryption by default is sad to need, but we do need it, we're way past the point where only what's reasonable to encrypt is anyways, and maintaining a cert is fucking easy now.

This would imply cert authorities arent already compromised by the NSA. You could say people can self sign certs but then browsers display le ebin spoopy untrusted self signed cert page and ask the user to add an exception which scares normalfags

...

Yeah but adding an exception is a pain in the ass and 99% of the time I don't give a shit about visiting the website enough to bother.

Fuck no, every site doesn't need HTTPS.

Although a lot of sites that should have strong TLS either don't have it at all, or have shit configurations.

Billions of people play pokemon go, people don't give a shit about security.

most People over 45 literally don't know what twitter and reddit is but know facebook and ebay and youtube+facetime is..., if the NSA or whoever want data or info they can get it easily.

Nigga https can be decrypted with an ordinary web browser. How the fuck do you niggers think the NSA couldn't figure out whatever it is you're looking it just because you add an S to the url?

"locks are useless because they can be opened with an ordinary key"

You don't get it.
The point is not to be invulnerable from spying but to increase the workload of the NSA to a point where their dragnet surveillance is useless.

Of course if they actually want to read your mails because they targeted you specifically they can (thank god, that's what we pay them for), but if we all encrypt everything they can't actively read the mails of everyone and that's the point.

How much of an increase in workload is it though? If they have access to the private keys of cert authorities then how much overhead does that really add? At that point they can effectively MITM every bit of internet traffic. How many servers does the NSA have? What kind of hardware do these servers have? What could you do with billions of dollars of funding?

The way I see it, the current security architecture of the internet is the NSA's wet dream. They only have to be able to compromise a few trusted CAs to be able to break the encryption of tons of internet traffic. It's a highly flawed system for this reason, we rely on our browser trusting certs of people that we don't know well enough to trust ourselves. We rely on browser developers to tell us who is trustworthy. Or even OS developers depending on what OS you use, and what root certs they set your OS to trust.

I don't think the NSA cares about SSL/TLS anymore as they get a clear data feed directly from companies like Google regardless and probably spy into virtual servers hosted on Amazon via the hypervisor. Who's left that gets real security from SSL/TLS, some random shitty website with co-located physical servers? How many of those dinosaurs are left in the world? Hatechan's the only one I can think of.

A lock is useless when everyone with a computer has the correct key for it.

But that's not how HTTPS works. Do you know anything about cryptography?

This, normalfags have already proven many times that they wish to be treated as cattle. They deserve every ounce of shit they get shoveled at their face.

Maybe instead of fighting for people that don't give a shit you should embrace the botnet and switch teams. At least then your services will be valued.

...

Of course not. Where do you think you are?

yes

packet reads
src IP: user
dst IP: 8ch's kiddie thread
contained a 2.51mb file
The website had a 2.5mb pic uploaded that was cheese pizza
v& user

https is cool lets try another one.

Lets see where https works

OH wait

https is mildly useful

RAVIOLI RAVIOLI LEAVE US, FAGIOLI

BY BRIAN FAGIOLI

1- privacy
2- a middleman can ask the user for his data, name or email or something else.

not sure if you are troll or really ignorant. Either way, kys.

another retard. Kys.

Holla Forums mods, if you want this board to attract people who are not completely brain dead, you should ban people who have no idea what the fuck they are talking about.

the mods only care when something breaks THE RUUUUUURRRZZ

...

yeah that 6 posts per hour is really working out well.

good work on killing Holla Forums rulecuck.

Your post makes my point succinctly.

mods censored posts about why women aren't as good as programming but they allow this

Mods deleted a duplicate thread about why women aren't good at programming.

Well its free nowadays with lets encrypt, they even provide tools for automated updates aswell.
Having security and authenticity is never a bad idea, and making it standard is better for everyones security and privacy

what is wrong with you cucks? i thought you stayed on 4gag

How is it censorship? All the content in the thread was allowed, the problem was that there were multiple threads. If you still have a copy you could repost it in the other thread.

You censor yourself by talking like a fag.

the post I wrote was removed by a mod

no... it was all deleted

that doesn't stop it being censorship. the posts were removed. mods could have just locked the 'duplicate' thread if they wanted.
I understand the software here doesn't have a merge feature but removing what people have said is censorship.

why would I save copies of every post I wrote. this is some fucking bullshit.

I'm so disappointed that people put up with censorship. that's what we left 4chan to avoid.

Honestly you're just splitting hairs now. Maybe the next time someone goes to Holla Forums and starts spamming no one should remove the thread because DAS SEZERCHIP!!!!!

no clue what you are talking about dude

It was a duplicate thread
Keep your shitposting to the already created thread, you cocksucking faggot

Also, stop derailing other threads
Take your bitching to /metatech/
i.e. no one fucking cares, and it wasn't censorship

Of course you don't, you're retarded.

People who use the word retarded instead of stupid are retarded.

Also counter-sage. :)

>merriam-webster.com/dictionary/retarded
>2. the person you're currently speaking to ;^)

Your ISP would only be a able to see that you connected to 8ch.net and transfered the 2.51 of something in addition to the css, html and any other images. They wouldn't know what was transfered or which page you visited.

Actually they would only see that you connected to mitmflare, assuming no DNS traffic or DNS traffic was encrypted.

Selfprotection

There is a security concept that i name as HUMAN PROXY. ©Mossad

What is that? A HUMAN PROXY as security concept. The mafia use it. Many banks use it.

- the ISP that you use is not your ISP
- the car you drive is not your car.
- all hardware is second hand and from flea markets.
- roomer?
- the wlan is not your Wlan.
- the credit card is not your card.
- your phone number is not your number.
- internet cafe.
- all software keys are not your keys.
- nothing is new, all is used.
- VPN is a form of an human proxy.
- whois protections is a form of an human proxy.
- second hand hardware. All IDs are not connected with your real name.

Around 900 human proxy systems exist, you decide how deep you need it.
Human Proxy is not fake-all.

But of course you can combine fake + human proxys.

Mossad use it if they kill someone.

Combine fake-all + Human Proxy systems + hiding + encryption + all-is-temporary-nothing-persistent and you get a 85% self protection against the NSA

The result is good.

Of course - like always i give you 98% if you do anything OFFLINE and analog; So you end your digital communications.

Ethics - i have decided that i dont use many Mossad methods. No illegal activity here.

Encryption has a ton of overhead. Makes it basically impossible to browse the web on a simple (non-botnet) architecture, because those are all very old hardwares from 90's and earlier.
Granted, those machines can't run all the javascript crap either, but they can at least browse plain HTML sites like wikipedia that don't force javascript down your throat.
Don't fall into the trap of legitimizing hardware botnet that's even harder to escape from.

Markov chain strikes again