HTTPS isn't so much about security as it is about privacy. Maybe we should have called it HTTPP or PHTTP.
-
Strong disagree on your disagree. Just because HTTPS isn't a perfect solution doesn't mean we shouldn't use it.
-
Y'all're talking past each other. You can't have privacy without security.
-
Most Debian packages can be uniquely identified by request+response length, so absent some trickery with HTTP ranges, HTTPS provides no privacy there. They should be using HTTPS because when people download packages by hand, they don't do the verification that APT normally does.
-
It's kind of perverted to think of privacy as "no one can figure out my secrets" when what it really means is "I have control over my secrets." We already know that length inspection attacks can be somewhat foiled by padding which TLS 1.3 and HTTP/2 both offer.
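The length-fingerprinting and padding points from the two posts above, as an added example that is not part of the original thread: it groups packages by the body length an on-path observer would see, with and without padding to a fixed block. The package names, sizes and the 16 KiB block are constructed assumptions, and header and TLS record overhead are ignored.

```python
# Constructed sample: package file -> response body length in bytes.
# These are illustrative values, not real Debian package sizes.
PACKAGES = {
    "alpha_1.0_amd64.deb": 48_212,
    "bravo_2.3_amd64.deb": 48_900,
    "charlie_0.9_all.deb": 51_004,
    "delta_4.1_amd64.deb": 63_480,
    "echo_1.2_all.deb": 64_100,
    "foxtrot_3.0_amd64.deb": 65_000,
    "golf_2.2_amd64.deb": 130_777,
    "hotel_5.5_amd64.deb": 131_000,
    "india_7.0_amd64.deb": 900_000,  # outlier: nothing else is near this size
}

BLOCK = 16 * 1024  # assumed padding granularity, chosen for illustration


def padded(length, block=1):
    """Length visible on the wire when the body is padded up to a multiple of block."""
    if block <= 1:
        return length
    return -(-length // block) * block  # ceiling division


def anonymity_sets(packages, block=1):
    """Map each observable length to the packages an observer cannot tell apart."""
    groups = {}
    for name, length in packages.items():
        groups.setdefault(padded(length, block), []).append(name)
    return groups


def uniquely_identifiable(packages, block=1):
    """Packages whose observable length is shared with no other package."""
    sets = anonymity_sets(packages, block)
    return sorted(names[0] for names in sets.values() if len(names) == 1)


def padding_overhead(packages, block):
    """Extra bytes sent in total if every package is fetched once with padding."""
    return sum(padded(n, block) - n for n in packages.values())


if __name__ == "__main__":
    print("no padding, unique:", len(uniquely_identifiable(PACKAGES)))
    print("padded, unique:    ", uniquely_identifiable(PACKAGES, BLOCK))
    print("overhead bytes:    ", padding_overhead(PACKAGES, BLOCK))
```

Padding merges packages of similar size into shared buckets, but an outlier with no neighbour in its bucket stays identifiable, so the bucket policy has to be checked against the real size distribution.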