yeah, I guess not too many users ever changed that pref... =)
-
-
Replying to @bagder @aprilmpls and
I was thinking more that tor/cliqz all would have the same fragility. I raised a bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1494664 …
@aprilmpls do you know if the captive portal is a blocker for preloading that domain?1 reply 0 retweets 0 likes -
Replying to @KingstonTime @bagder and
AFAIK that's the only http://firefox.com subdomain accessible over HTTP, but
@jvehent would likely know more than me.1 reply 0 retweets 2 likes -
Replying to @aprilmpls @bagder and
If it's a blocker I'll try to get that prioritised higher.
2 replies 0 retweets 2 likes -
Replying to @KingstonTime @bagder and
We haven't historically put many websites on http://firefox.com , so that may be the only blocker. But again, that's just my hunch. :)
1 reply 0 retweets 1 like -
Replying to @aprilmpls @KingstonTime and
We are putting tons of websites on http://firefox.com nowadays. I'm trying to get hardcoded pins in Firefox for it so we can protect all of *.firefox.com, so making sure we don't have any HTTP site there is important.https://bugzilla.mozilla.org/show_bug.cgi?id=1494431 …
2 replies 0 retweets 4 likes -
Replying to @jvehent @aprilmpls and
"This will reduce the risk of a fraudulent CA hijacking Firefox sites" : you just have to add a CT monitoring for *.firefox.com domains and fraudulent CA actions will be detected (or browsers will stop non CT logged certificates - Chrome for the moment but others are coming) 1/2
1 reply 0 retweets 0 likes -
Tooling : https://sslmate.com/certspotter/ or <mode advertising on> https://github.com/AssuranceMaladieSec/CertStreamMonitor … </mode> 2/2
1 reply 0 retweets 0 likes -
Replying to @cbrocas @aprilmpls and
Haha. Fair shameless plug ;) We already do CT monitoring, but that's a reactive measure vs preloaded pins which directly protect the user. I think both are needed.
1 reply 0 retweets 1 like -
Replying to @jvehent @aprilmpls and
Preloaded certificate pins in Firefox protect users using Firefox. For my understanding, *.firefox.com are services used by Firefox users only (mainly) like accounts sync etc ?
2 replies 0 retweets 0 likes
Scroll to the top of this thread plz.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.