SSL doesn't hide the URL you're visiting
They’ve stubbornly not gotten an SSL because they transact 0 data beyond band name searches.
Even if sites do not store user account data, such as passwords, ALL websites, and I mean ALL, handle user data, because merely accessing pages (URLs) is user data.
Stubbornness is not a good reason not to set up SSL. Encryption should always be on, all the time, for everything.
db0@lemmy.dbzer0.com 7 months ago
rikudou@lemmings.world 7 months ago
It does. Anyone sniffing the traffic can only see the domain.
hansl@lemmy.world 7 months ago
Not if you use DNSSEC.
stsquad@lemmy.ml 7 months ago
Yes it does. You can derive the domain from snooping DNS lookups, but the URL is part of the encrypted GET header.
AProfessional@lemmy.world 7 months ago
The domain is a public part of TLS itself, SNI, for now.
tgxn@lemmy.tgxn.net 7 months ago
Yeah, we need encrypted SNI. I hear it’s coming soon.
Bogasse@lemmy.ml 7 months ago
And it’s not only about user data, it would also expose the website to content spoofing in public wifi, which would for example allow the attacker to inject phishing content in the website. The SSL encrypts the data you’re sending but it also ensures that you’re communicating only with who you think you are. Without SSL you can’t be confident about any of that.