“Network with invalid server certificate” lol wtf is that supposed to mean?
Indian Government developed UPI app not allowing me to use the app w/o turning off Adguard.
Submitted 3 weeks ago by sonofearth@lemmy.world to technology@lemmy.world
https://lemmy.world/pictrs/image/7535da63-44f8-4ebf-9d7a-32d1886823ba.jpeg
Comments
jaybone@lemmy.zip 3 weeks ago
Passerby6497@lemmy.world 3 weeks ago
It means they know the hash or whatever for their cert, and intentionally fail if there’s any kind of MITM funkiness (which you’d have for an ad blocker doing https intercept)
observantTrapezium@lemmy.ca 3 weeks ago
It could also be that the app is looking at parameters other than the hash (which would probably be that of the certificate authority rather than the domain’s certificate), like the CN, which is potentially fakeble. You can also try to mess with the APK file, maybe find the strings associated with the certificate check and replace them. I won’t fault the app’s authors for making such a check though, MITM is so easy to do without certificate validation.
GreenShimada@lemmy.world 3 weeks ago
Please cross-post to a privacy community. Ultimately, this sounds like it’s going to produce a situation where a dumbphone that allows for hotspots and them a smartphone without UPI and with a VPN are a workable solution.
nutbutter@discuss.tchncs.de 3 weeks ago
Which app is this? BHIM?
deathmetal27@lemmy.world 3 weeks ago
It literally says that in the screenshot
j4k3@piefed.world 3 weeks ago
Maybe I do not understand the vector here, but I think you should be able to use a DNS filter log, like a whitelist firewall. Use the log to see what servers are blocked when you try to open the app. Then just whitelist those servers.
The proper argument is not for Ad Block. That is just a lazy hack. The proper argument is that you have a right to a front door on your digital front door, a right to lock it, and a right to decide who may enter your home. This is what a DNS whitelist filter does. If you are not allowed to use a DNS whitelist, your home has had the door ripped off and are being forced to allow stalkers, thieves, and slavers into your home to manipulate and exploit you. Never talk about ad block. That is irrelevant. I do not care if the lock on your front door in the real world has great pick resistance. It is just as much a symbol as it is a device. The primary reason for losing rights is from people failing to argue well, and understand their rights like this. I am one of the few people that does DNS the hard way and run a whitelist filter.
sonofearth@lemmy.world 3 weeks ago
All the blocked requests are app analytics and trackers. Whitelisting them will defeat the purpose. I might just switch to Google Pay’s UPI rather than fighting the government app or just use cash.
Also using DNS filters in a whitelist mode is very inefficient and defeats the purpose of using the internet. I don’t want to make a fool of myself in front of my friends when I am unable to figure out which domains does the restaurant’s digital menu uses so I can go and whitelist them.
j4k3@piefed.world 3 weeks ago
You have multiple devices and networks.