top | item 13985785 (no title) fowlerpower | 9 years ago Why not the contents? What happens when most content is not over a secure connection such e.g. Over HTTP? Could they not inspect the content?It sure seems like they could. For most people most of the internet is still insecure. discuss order hn newest mbel|9 years ago Yeah, the closer analogy would be FedEx selling information about content of your packages unless they are shipped in some kind of locked strong box. Crespyl|9 years ago They can and do. I recall instances where some ISPs even went so far as to inject advertising HTML directly into pages sent over HTTP. gregmac|9 years ago Why not HTTPS? There are ways to do MITM proxing that re-encrypt traffic. As a customer, you just need to install their CA certificate.Or slightly worse, they could get browser vendors to include their CA (or pass legislation to force this).What prevents this from happening?In mobile, where the carrier controls everything (the network, the OS) it's not unlikely this is already happening. pythonaut_16|9 years ago I know for me personally I already assume anything over a non-HTTPS or non-secured protocol will be received and possibly read by anyone and everyone. falcolas|9 years ago You forgot "and changed". Injected ads, injected JavaScript, replaced ads... This has been occurring, and without protections against it, it will continue to occur.
mbel|9 years ago Yeah, the closer analogy would be FedEx selling information about content of your packages unless they are shipped in some kind of locked strong box.
Crespyl|9 years ago They can and do. I recall instances where some ISPs even went so far as to inject advertising HTML directly into pages sent over HTTP.
gregmac|9 years ago Why not HTTPS? There are ways to do MITM proxing that re-encrypt traffic. As a customer, you just need to install their CA certificate.Or slightly worse, they could get browser vendors to include their CA (or pass legislation to force this).What prevents this from happening?In mobile, where the carrier controls everything (the network, the OS) it's not unlikely this is already happening.
pythonaut_16|9 years ago I know for me personally I already assume anything over a non-HTTPS or non-secured protocol will be received and possibly read by anyone and everyone. falcolas|9 years ago You forgot "and changed". Injected ads, injected JavaScript, replaced ads... This has been occurring, and without protections against it, it will continue to occur.
falcolas|9 years ago You forgot "and changed". Injected ads, injected JavaScript, replaced ads... This has been occurring, and without protections against it, it will continue to occur.
mbel|9 years ago
Crespyl|9 years ago
gregmac|9 years ago
Or slightly worse, they could get browser vendors to include their CA (or pass legislation to force this).
What prevents this from happening?
In mobile, where the carrier controls everything (the network, the OS) it's not unlikely this is already happening.
pythonaut_16|9 years ago
falcolas|9 years ago