Comment

Comment on How to selfhost with a VPN

<- View Parent

EncryptKeeper@lemmy.world ⁨6⁩ ⁨months⁩ ago

There’s no security risk viewing this bit of html lmao

source

Sort:hotnew top

jafra@slrpnk.net ⁨6⁩ ⁨months⁩ ago
Maybe there is, maybe it’s only little. Maybe people browsing should be more aware of where they click on. Either way, this method shouldn’t be used for any sensitive information least a personal cloud. Would be suicidal I guess.

source
- EncryptKeeper@lemmy.world ⁨6⁩ ⁨months⁩ ago
  Luckily this website contains no sensitive information and is not a personal cloud.
  
  source
possiblylinux127@lemmy.zip ⁨6⁩ ⁨months⁩ ago
How so?

Data send back isn’t validated so someone could tamper with the data. A bad actor could add soke arbittary Javascript plus ISPs have been caught inserting marketing materials into pages.

From a privacy perspective it is also bad as not only does it include your user agent in plain text it doesn’t have any encryption on page contents which allows your ISP to snoop on what you are doing.

All of these reasons are while we moved to https. X.509 certs are free and trivial to setup with Caddy or any other Reverse proxy/web server.

source
- null_dot@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago
  Do you really think someone is going to set up a MITM attack for the dozen people who visit this blog?
  
  source
  - possiblylinux127@lemmy.zip ⁨6⁩ ⁨months⁩ ago
    No, but governments and ISPs can and have historically done so for all http traffic.
    
    It doesn’t matter the page. They just care about http.
    
    source
    missfrizzle@discuss.tchncs.de ⁨6⁩ ⁨months⁩ ago
    specifically this is how QUANTUMINSERT worked (from the Snowden leaks.)
    
    source
    -> View More Comments
surewhynotlem@lemmy.world ⁨6⁩ ⁨months⁩ ago
I’ll bite.

The risk is training people in bad behaviors, and then having those people do stupid things like type in a password.

source
- EncryptKeeper@lemmy.world ⁨6⁩ ⁨months⁩ ago
  There’s no password entry on this site, and what people do on other websites is not OPs responsibility.
  
  source
  - surewhynotlem@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Oh yes. Pushing personal responsibility to the end user has always been a very effective security strategy.
    
    source
    EncryptKeeper@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Lmao as the operator of a website your personal responsibility ends with your website. It is not OPs responsibility to protect other websites he does not operate, nor is it to take on the end user’s responsibility.
    
    source
    -> View More Comments