Comment on How to selfhost with a VPN
EncryptKeeper@lemmy.world 3 days ago
There’s no security risk viewing this bit of html lmao
I’ll bite.
The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.
There’s no password entry on this site, and what people do on other websites is not OP’s responsibility.
Oh yes. Pushing personal responsibility to the end user has always been a very effective security strategy.
Lmao as the operator of a website your personal responsibility ends with your website. It is not OP’s responsibility to protect other websites he does not operate, nor is it to take on the end user’s responsibility.
Maybe there is, maybe it’s only little. Maybe people browsing should be more aware of where they click on. Either way, this method shouldn’t be used for any sensitive information least a personal cloud. Would be suicidal I guess.
Luckily this website contains no sensitive information and is not a personal cloud.
possiblylinux127@lemmy.zip 2 days ago
How so?
Data sent back isn’t validated, so someone could tamper with the data. A bad actor could add some arbitrary JavaScript, plus ISPs have been caught inserting marketing materials into pages.
From a privacy perspective it is also bad, as not only does it include your user agent in plain text, it doesn’t have any encryption on page contents, which allows your ISP to snoop on what you are doing.
All of these reasons are why we moved to https. X.509 certs are free and trivial to set up with Caddy or any other reverse proxy/web server.
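An added example, not part of the original comment: a Caddyfile showing a plain-HTTP site definition next to the HTTPS one the comment refers to. The hostname `blog.example.com` and the path `/srv/blog` are placeholders, the HSTS header is an optional extra, and it assumes the name resolves to the server with ports 80 and 443 reachable.

```caddyfile
# Before: an explicit http:// address makes Caddy serve this site over
# plain HTTP only. Responses are unauthenticated and readable on the wire,
# so anything on the path can read or modify them.
# http://blog.example.com {
#     root * /srv/blog
#     file_server
# }

# After: a bare hostname enables Caddy's automatic HTTPS. Caddy obtains and
# renews a certificate for the name and redirects port 80 to HTTPS.
blog.example.com {
    # Placeholder document root for a static site.
    root * /srv/blog
    file_server

    # Optional: tell returning browsers to skip plain HTTP for this host.
    header Strict-Transport-Security "max-age=31536000"
}
```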
null_dot@lemmy.dbzer0.com 2 days ago
Do you really think someone is going to set up a MITM attack for the dozen people who visit this blog?
possiblylinux127@lemmy.zip 2 days ago
No, but governments and ISPs can and have historically done so for all http traffic.
It doesn’t matter the page. They just care about http.
missfrizzle@discuss.tchncs.de 2 days ago
specifically this is how QUANTUMINSERT worked (from the Snowden leaks.)