flak rss random

tiny downside to encrypting all web traffic

The cool thing to do is encrypt all your network traffic. This used to be cool, but it’s even cooler now. I don’t really see much point to encrypting your nytimes.com visits, but I guess some people don’t like others knowing what kinds of news articles they read. (We all know you just read the gossip columns.) Anyway, the downside is minimal to non-existent, so go for it.

But wait! I was reading about The Dictionary of Numbers and got to the downside mentioned at the end. The browser extension was also modifying the text of a bank statement. Ordinarily, I’d say the easy thing is to only use amusing extensions on http, but not https, sites. How does that work in the brave new world of all https all the time?

Used to be https served a dual role as a signifier of serious business. Now it doesn’t, but we haven’t really replaced it. True enough, it was never a reliable signifier, and maybe the best thing to do if running with a dozen funny extensions is use a different browser (profile) for serious business.

I wonder how this affects phishing. When “https is secure, make sure your bank uses https” permeates into the general conscience, does it become “if everything is https, everything is secure“? Does the prevalence of https inspire false confidence in the web or will people learn that https was never a good signal for determining the legitimacy of a (possibly forged) web site?

Posted 01 Jul 2013 17:15 by tedu Updated: 01 Jul 2013 17:15
Tagged: security thoughts web