top | item 8418912

(no title)

partkyle | 11 years ago

> A student should be able to browse for information on depression without their principal knowing it, a dissident should be able to research how to avoid national firewalls without their government knowing it, and anyone who damn well pleases should be able to read whatever they like without their ISP knowing it.

If you just redirect all of the http traffic this isn't entirely helpful to these people. The original request is sent in clear text and redirected.

discuss

Mandatum|11 years ago

We'd assume they'd be using HTTPS, you can't redirect HTTPS traffic without serving an invalid certificate which most browsers will warn you of. Or a forged cert, but that's harder to do.

chronid|11 years ago

Unfortunately HTTPS is unable to protect you in a school/office setting, or wherever you use a computer provided to you by someone else. In those cases, certificates can (and will) be forged very easily.