----------------------------------------------------------------------------------
@MSGID: 1@dont-email.me> d7c4d3dc
@REPLY: sOsa.391958@fx04.ams4>
cb6bc216
@REPLYADDR Dave Froble <davef@tsoft-inc.com>
@REPLYTO 2:5075/128 Dave Froble
@CHRS: CP866 2
@RFC: 1 0
@RFC-Message-ID: 1@dont-email.me>
@RFC-References: 1@dont-email.me>
1@dont-email.me> 1@dont-email.me> 2@dont-email.me>
1@dont-email.me> 1@dont-email.me> 1@dont-email.me>
4@news.misty.com> <km8obaF8emlU19@mid.individual.net> 1@dont-email.me>
2@news.misty.com> 1@dont-email.me>
<2c1a44c1-b8ce-490e-9b39-99b0e0283455n@googlegroups.com> sOsa.391958@fx04.ams4>
@TZUTC: -0400
@PID: Mozilla/5.0 (Windows NT 5.1; rv:45.0)
Gecko/20100101 Thunderbird/45.8.0
@TID: FIDOGATE-5.12-ge4e8b94
On 9/27/2023 9:30 PM, Johann `Myrkraverk` Oskarsson wrote:
> On 9/12/2023 3:08 AM, gah4 wrote:
>> On Monday, September 11, 2023 at 10:58:31 AM UTC-7, Simon Clubley wrote:
>>
>> (snip)
>>
>>> And when that happens (and it does sometimes happen), that issuer has just
>>> committed suicide if it can be shown to be incompetence on the part of the
>>> issuer. CAs have been dropped in the past from the major web browsers
>>> because of this, but I can`t remember the details.
>>
>>> (Other possibilities include a nation-state attack with a vector the issuer
>>> could not reasonably have been aware of).
>>
>> This often enough happens when there isn`t much trust needed.
>>
>> If I want to download some documentation, so that no personal
>> information is needed, why the security?
>
> [I`m late in the game, but not so late a reply isn`t worth it.]
>
> The real reason for SSL everywhere is, putting my tinfoil hat on, to
> make sure ISPs can`t mess with Google`s business model: sell ads.
>
> People who`ve never experienced it, can`t really imagine it, but HTML
> injection used to be a thing, and ISPs would inject ads on pages their
> customers browsed, possibly replacing the Google ads.
>
> My own experience -- when I noticed it -- was rather benign: the cafe`s
> wifi bill hadn`t been paid, and since I was browsing a http only website
> at the time, I got the notification, and showed the staff.
>
> Xah Lee has a screenshot on his website, of the problem in action.
>
>
http://xahlee.info/w/china_ISP_ad_injection.html
>
> And a link to Ars Technica article from 2013 on the subject. Which is
> coincidentally the same time frame letsencrypt started. I remember
> reading about letsencrypt in 2013 or so, but it wasn`t ready yet, so I
> couldn`t use it for my own website at the time.
>
> My personal take on it is this: it`s much more believable that it`s all
> about Google`s business model than end user security, but we`re being
> told it`s about security, as a psyop.
>
> [snip]
>
Q-anon would be proud ...
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail:
davef@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
--- Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
* Origin: A noiseless patient Spider (2:5075/128)
SEEN-BY: 5001/100 5005/49 5015/255 5019/40 5020/715
848 1042 4441 12000
SEEN-BY: 5030/49 1081 5075/128
@PATH: 5075/128 5020/1042 4441