HSTS says it must be encrypted but a proxy will create two connections and look at it clear in the middle. On the other hand cert pinning says it must be a specific cert that breaks the site if decryption is used. Apple is big on doing that for a lot of their site and apps.
EncryptKeeper@lemmy.world 2 weeks ago
Only if the site they’re visiting isn’t using HSTS, but it’s possible
foobaz@lemmy.world 2 weeks ago
I don’t think this is correct. HSTS only prevents downgrading.
ShellMonkey@piefed.socdojo.com 2 weeks ago
HSTS says it must be encrypted but a proxy will create two connections and look at it clear in the middle. On the other hand cert pinning says it must be a specific cert that breaks the site if decryption is used. Apple is big on doing that for a lot of their site and apps.