1. Forum
  2. Usenet Intenat
  3. ALT.CYBERPUNK

  • It's the end of the web as we know it, and I don't feel fine.

    From superkuh@1:229/2 to All on Tuesday, November 17, 2020 11:39:48
    From: superkuh@superkuh.com

    HTTPS only comes from a good place. People want privacy from their
    governments' pervasive spying. Unfortunately, by going full retard and
    not allowing HTTP combined with the centralized nature of cert
    authorities, this privacy push has and will result in a situation that absolutely delights those same central governments. Because now they
    will have full control of who can speak and who can not.

    https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/


    I give it about 3 years before all massive commercial browsers stop
    allowing you to visit HTTP sites at all and Firefox only allows if you
    use their unstable beta build.

    HTTPS only, transport layer security only (for IRC, for SMTP, for HTTP,
    etc), will be the end of personal autonomy on the internet. There are
    only a handful of cert authories that actually get used as as each of
    those get bigger they become more easily corrupted by money and external government influence. We saw it with dot org. I doubt LetsEncrypt will
    be significantly more robust over the same time scales.

    HTTPS only is insidious. The very people we've come to trust are working
    for our privacy are now working to solidify and centralize a system that
    allows for a few big players to decide on whim (or otherwise) who can
    speak. And it has to stop.

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From superkuh@1:229/2 to All on Tuesday, November 17, 2020 11:41:36
    From: superkuh@superkuh.com

    And no, self-signed certs won't be the solution. Most browsers already
    put up giant scaremongering warnings about self-signed certs. It won't
    be too long until they're not allowed at all in the big corporate browsers.

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From superkuh@1:229/2 to Joe Blow on Sunday, December 27, 2020 20:08:28
    From: superkuh@superkuh.com

    The problem is that everyone else isn't going to be using a browser that supports HTTP. So that means when you try to host a webserver from home
    you either tether yourself to the whims of a certificate authority and
    run HTTPS, go self-signed and have the browsers reject you anyway, or
    just not care that the web is splintering into parts and that your
    website will only be accessible to a small minority of geeks. I can
    understand the last one but I don't want to give up on the web yet.
    Regular users need to be able to access HTTP sites.

    On 12/26/2020 03:17 PM, Joe Blow wrote:
    Browsers not using http doen't bother me much. You don't have to use an up-to-date browser. You don't even have to use a graphical one. Lynx is
    100% free of all javascript exploits because it doesn't use Javascript.
    My worry comes when the powers that be start forcing ISPs to monitor all traffic and disallow unapproved traffic e.g. Tor onion services or other services that are unable to be policed efficiently (usenet, irc).


    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From superkuh@1:229/2 to superkuh on Thursday, December 31, 2020 16:32:46
    From: superkuh@superkuh.com

    As of the latest Firefox release, 84, they have HTTPS Everywhere always
    enabled and set in such a way to scaremonger and require user action
    before HTTP sites are shown. This is the same way that self-signed certs
    were eventually killed in corpoarate browsers.

    https://blog.mozilla.org/blog/2020/12/15/our-year-in-review-how-weve-kept-firefox-working-for-you-in-2020/

    HTTPS-Only mode ... will also ask for your permission before
    connecting to a website if it doesn't support secure connections.

    I thought I was being very aggressive in my estimate of 3 years. But it
    turns out it might happen even faster than that.

    On 11/17/2020 11:39 AM, superkuh wrote:
    I give it about 3 years before all massive commercial browsers stop
    allowing you to visit HTTP sites at all and Firefox only allows if you
    use their unstable beta build.

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From ajxs@1:229/2 to superkuh on Sunday, February 28, 2021 14:08:27
    From: ajxs@panoptic.online

    You've raised a really good point about the susceptibility of
    certificate authorities to coercion. Don't forget that there's still a
    lot of alternative web protocols without such issues that are accessible through other means: Gemini, Gopher, freenet, .onion, etc.
    Firefox and Chrome, despite these organisations becoming increasingly threatening to online freedom, are still open-source software. Don't
    forget that there are forks of these projects designed to support online freedom, such as GNU IceCat or Brave.
    I agree with the overall sentiment that we are heading towards a more _cyberpunk_ future with regards to how we access information. The future
    of decentralised information access might come in more novel forms than
    you think.

    On 18/11/20 4:39 am, superkuh wrote:
    HTTPS only comes from a good place. People want privacy from their governments' pervasive spying. Unfortunately, by going full retard and
    not allowing HTTP combined with the centralized nature of cert
    authorities, this privacy push has and will result in a situation that absolutely delights those same central governments. Because now they
    will have full control of who can speak and who can not.

    https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/


    I give it about 3 years before all massive commercial browsers stop
    allowing you to visit HTTP sites at all and Firefox only allows if you
    use their unstable beta build.

    HTTPS only, transport layer security only (for IRC, for SMTP, for HTTP,
    etc), will be the end of personal autonomy on the internet. There are
    only a handful of cert authories that actually get used as as each of
    those get bigger they become more easily corrupted by money and external government influence. We saw it with dot org. I doubt LetsEncrypt will
    be significantly more robust over the same time scales.

    HTTPS only is insidious. The very people we've come to trust are working
    for our privacy are now working to solidify and centralize a system that allows for a few big players to decide on whim (or otherwise) who can
    speak. And it has to stop.

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From rtr@1:229/2 to superkuh on Friday, November 26, 2021 20:43:11
    From: rtr@nospam.invalid

    On Tue, 17 Nov 2020 11:41:36 -0600
    superkuh <superkuh@superkuh.com> wrote:

    And no, self-signed certs won't be the solution. Most browsers
    already put up giant scaremongering warnings about self-signed certs.
    It won't be too long until they're not allowed at all in the big
    corporate browsers.


    I think this highlights a deeper problem than HTTPS. I think the
    development of the web and web browsers have become prohibitive such
    that only a few giant entities have the capacity or the resource to
    produce a web browser. If only a web browser can be more easily
    developed but is still user friendly and doesn't break "normie" sites
    then it would be good.

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From rtr@1:229/2 to superkuh on Friday, November 26, 2021 20:35:21
    From: rtr@nospam.invalid

    On Tue, 17 Nov 2020 11:39:48 -0600
    superkuh <superkuh@superkuh.com> wrote:

    HTTPS only comes from a good place. People want privacy from their governments' pervasive spying. Unfortunately, by going full retard
    and not allowing HTTP combined with the centralized nature of cert authorities, this privacy push has and will result in a situation
    that absolutely delights those same central governments. Because now
    they will have full control of who can speak and who can not.

    https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/


    I give it about 3 years before all massive commercial browsers stop
    allowing you to visit HTTP sites at all and Firefox only allows if
    you use their unstable beta build.

    HTTPS only, transport layer security only (for IRC, for SMTP, for
    HTTP, etc), will be the end of personal autonomy on the internet.
    There are only a handful of cert authories that actually get used as
    as each of those get bigger they become more easily corrupted by
    money and external government influence. We saw it with dot org. I
    doubt LetsEncrypt will be significantly more robust over the same
    time scales.

    HTTPS only is insidious. The very people we've come to trust are
    working for our privacy are now working to solidify and centralize a
    system that allows for a few big players to decide on whim (or
    otherwise) who can speak. And it has to stop.

    I never thought of it this way but that makes sense. If HTTPS becomes
    mandatory then the ones who can issue certs has the say to who has the
    right to exist on the internet. I think it's also worth noting that
    there are alternative protocols but it's really something of a moot
    point.

    It's nice to have alternatives to exist once the web becomes really uninhabitable but I hope it doesn't get to reach to that point.

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)