Welcome, Guest | Home | Search | Login | Register
Author There’s been a disturbance in the force (Read 57741 times)
Knezzen
Administrator
512 MB
*****
Posts: 608

Village idiot
View Profile System 7 Today 		Reply #15 on: January 12, 2025, 11:00
HTTPS and encryption is inherently a very good thing and I'm quite opposed to picking camps in this kind of discussion.

Personal privacy is important, even if you don't have anything to hide (as in criminal activity), personal privacy is important. Would you give your phone to a total stranger and let them read all your Messenger/SMS/WhatsApp/random chat protocol messages even if you don't have "anything to hide"? Encryption is good and it should be used as often as possible.

We offer both here at System 7 Today, at Mac OS 9 Lives and at The Macintosh Garden. Try adding https before any of those URL's and it'll work just fine as well :)
Bolkonskij
Administrator
1024 MB
*****
Posts: 2023
View Profile Cornica - Video Entertainment for Mac OS users 		Reply #16 on: January 12, 2025, 12:22
We're not discussing "is encryption useful?". Because everybody here is on board with "it's important". So it's really not about "picking camps" - because nobody does. The question simply is whether today's use of it is useful and Jatoba has given good points.

There is just so much misconception about being "protected" and "not being protected" in terms of SSL/TLS. I'll just post what I wrote on Cornica because it spares me repeating myself:

Quote
Is Cornica unsafe?
Your browser might have told you so - or outright blocked access if you're coming from a modern machine. The assumption here is that if a website offers no encryption, it is somehow unsafe to use.

I could call this a big nonsense but then I'd only water down the subject much in the way the "big guys" like Google and others do. Here's the truth: It depends on what you're doing. If you want to hide something from the public, it's generally a good idea to use the best encryption you have at your hands.

An even better solution is to not put it out in the public, but in the case of online banking or an online shop that works with credit card numbers this might not be an option.

The issue I take is when a website with content that is supposedly open for everyone starts locking out people who don't want or can't use encryption in classic paternalism. ("we know what's best for you!")

Some self-proclaimed "security pro" might tell you that encryption avoids data corruption e.g. via a so-called man-in-the-middle attack. They tend to ignore that by far the easiest way to corrupt data on a website is to manipulate data on the server. And just about anyone with an idea of how IT things work knows that. Be sure, that especially includes "bad guys", the NSA, Russia, China, North Korea and others.

So more often then not encryption ends up effectively protecting corrupted data coming from a compromised server. Almost like irony, isn't it?

That said, you can intercept a data stream live. I could learn what your password is. But that would require either (physical) access to your LAN or the underground cable (or overland lines) going to your house. Go figure yourself if that is very practical. Sure, infesting your computer with a trojan / virus is another (and easier) option but that's outside of the topic of encryption anyway.

So slapping a SSL certificate onto a website and forcing users to use https is the effective protection it is publized as? No.

Cornica has nothing to hide. Cornica is open to the public. Cornica intends to be inclusive, to allow computers of (nearly) all ages to access Quicktime movie trailers, commercials & more. Hence, Cornica will continue to offer its content unencrypted.

The majority of internet users has no understanding of this and will continue to praise encryption because they are repeating what they hear. But you can make a difference by keeping your projects open & accessible. Please consider it.
Last Edit: January 12, 2025, 12:40 by Bolkonskij
Jatoba
256 MB
*****
Posts: 270
System 9 Newcomer!
View Profile 		Reply #17 on: January 12, 2025, 13:02
There's zero point in e.g. encrypting my login-less visit to MacRumors PPC subforum to read a thread, then close the webbrowser. HTTPS doesn't hide from outside view what sites or pages you accessed.

For protection against that, then you simply cannot use the internet. (Not a bad advice, actually.)
Knezzen
Administrator
512 MB
*****
Posts: 608

Village idiot
View Profile System 7 Today 		Reply #18 on: January 12, 2025, 15:44
I agree with both of you ;)
lauland
512 MB
*****
Posts: 674
Symtes 7 Mewconer!
View Profile 		Reply #19 on: January 12, 2025, 17:31
Dang..."is encyrption useful?" blew my mind, and really made me think.  Huge food for thought.

For the longest time it was drilled into us to "look for the lock icon" in our browsers and assume we were "safe" as long as it was there.  But, these days, with some encryptions being weak enough to be easily broken, man-in-middle attacks, goofy people using open wifi access points, and too many other exploits to count, that really isn't true anymore.  It seems to me in many cases the communication simply being "encrypted" can give a false sense of safety to people.

For sites without logins, or which don't "collect any personal information" of any sort, the answer is (at least to me) surprisingly "no".  For a read only site, really it isn't in any way when you think about it.

This would be a hard sell to people, after all, "all modern browsers/systems" (implying, of course, they are the only ones that "matter") support encryption, right?  But...it's tantalizing to imagine a world where there was a lot of content available just via http...  Internet software would be a lot easier to write!

It wouldn't be easy to configure, but sites could provide read-only, no user interaction, versions via http...
wove
1024 MB
******
Posts: 1363

View Profile 		Reply #20 on: January 12, 2025, 18:57
I often use a 2011 17" MBP running High Sierra. Overall the OS seems to be at the cusp of being modern. I find it surprising that using Safari I can actually log into my bank and access government websites without getting any complaints about the browser.

However many very plain sites and forums complain that "Your Browser is not supported; please update your browser." That would indicate to me that the site is simply looking at the browser version number, without checking on the capabilities of the browsers. Although I do not know I speculate that some of that behavior comes from the site building packages (WordPress?) that are used to craft websites, that remarkably all look and act so similar to one another.
lauland
512 MB
*****
Posts: 674
Symtes 7 Mewconer!
View Profile 		Reply #21 on: January 12, 2025, 19:36
@wove You're totally right, a lot of sites just dismiss older browsers out of hand...I do understand how "user support" goes, and they can't (or don't have the time to) help anyone (as far as tech support) with issues with older browsers...but they could at least let them try, and not just take them to a "not supported" page and stop them dead!

I've been using ArticFox and TenFourFox on my iBook G4 running Tiger a lot lately.  Tried to look at a few news sites I frequently visit, and it looks like the problems are mostly with old versions of JavaScript and/or the DOM, or other things, and not encryption at all.  I can see everything, but things are out of place, text flows very badly, or parts are off screen.

 
Last Edit: January 12, 2025, 19:39 by lauland
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
View Profile 		Reply #22 on: January 13, 2025, 00:01
The saying used to be: "Nobody ever got fired for buying IBM"
Then that changed to Microsoft.

But now they say: "nobody ever got into trouble for blaming it on the (old) browser".
Pages: 1 [2]

© 2021 System7Today.com.
The Apple Logo, Macintosh™, Mac OS™, and others property of Apple Computer, Inc.
This site is in no way affiliated with Apple Computer, Inc.