EncryptKeeper@lemmy.world 12 hours ago
Only if the site they’re visiting isn’t using HSTS, but it’s possible
foobaz@lemmy.world 10 hours ago
I don’t think this is correct. HSTS only prevents downgrading.
ShellMonkey@piefed.socdojo.com 7 hours ago
HSTS says it must be encrypted, but a proxy will create two connections and look at it clear in the middle. On the other hand, cert pinning says it must be a specific cert that breaks the site if decryption is used. Apple is big on doing that for a lot of their sites and apps.