@Wolf480pl @ayo That's fair. :) Users and servers that might be more susceptible to these kinds of attacks probably should be using HTTPS (and other methods for verification and security). For a personal, self-run blogging site I imagine it would be less of an issue if HTTPS were made optional.

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:58

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:58

Aug 19, 2019, 20:58

Softwarewolf @faoluin@chitter.xyz

@Wolf480pl @ayo (Note that I'm not /against/ the use of HTTPS in most cases, I'm just not totally convinced that it's necessary in every single case. I'm also not convinced that removing HTTP as an option is necessary unless downgrade attacks are a real concern.)

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:57

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:57

Aug 19, 2019, 20:57

Softwarewolf @faoluin@chitter.xyz

@Wolf480pl @ayo Both of those scenarios are theoretically possible, but how likely are they? The attacker would have to know which site (or sites) I'm going to visit to get that information. And if they are modifying the outgoing content for other users, surely someone would notice an issue with the incorrect information. Right? It just seems like there are easier and more viable ways of making me late or phishing for my information.

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:25

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:25

Aug 19, 2019, 20:25

Softwarewolf @faoluin@chitter.xyz

@Wolf480pl @ayo That's certainly valid for downloadable programs (which could be verified with a hash anyway) or account information. Is there any gain in spoofing things over the wire that are public and verifiable, such as reference material?

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:11

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 20:11

Aug 19, 2019, 20:11

Softwarewolf @faoluin@chitter.xyz

@Wolf480pl @ayo I can see why it might not be necessary in some situations like accessing public information that doesn't require any kind of personal info from the user. An admittedly niche case might be a public code repository cross reference, where https could slow things down noticeably.

**Softwarewolf** · Aug 19, 2019, 19:23

Softwarewolf boosted

**boldly** @boldly@botsin.space · Aug 19, 2019, 19:23

Aug 19, 2019, 19:23

boldly @boldly@botsin.space

WHAT

00f77234ed320af0.png

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 19:08

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 19:08

Aug 19, 2019, 19:08

Softwarewolf @faoluin@chitter.xyz

@mintey I feel you, I really do.

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 18:13

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 18:13

Aug 19, 2019, 18:13

Softwarewolf @faoluin@chitter.xyz

@danfoxx Happe birfday

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 17:53

**Softwarewolf** @faoluin@chitter.xyz · Aug 19, 2019, 17:53

Aug 19, 2019, 17:53

Softwarewolf @faoluin@chitter.xyz

If you're an indie game dev, do yourself and your fans a favor and stay away from Stadia exclusives. No matter how much Google pays you, it's not worth it.