The problem is the default is *off*.
You'd think this would be... obvious? At least there's a flag for it I guess.pic.twitter.com/vIjOYUgQnJ
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
they're scheduled to make it the default in, uh… I forget exactly when, but soonish
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
It's not enabled by default because it would cause people see so many warnings that they would disregard them.
-
Currently about 50% of the page loads are HTTPS, when it reaches 75% they will enable warnings. In Oct. pages with forms will be not secure.
End of conversation
New conversation -
-
-
You should watch
@emschec talk from enigma this year: https://youtu.be/jplIY1GXBHM -
Watched it. I know, I know, we can't just shove a red triangle in everyone's face quite yet. Still, the flag title is wonderfully 'duh' :)
End of conversation
New conversation -
-
-
If you have a private web server on your LAN for use by visitors, what certificate should it use?
-
Use a real registered domain and get a real cert for it. Let's Encrypt supports DNS validation, no need to expose server to the internet.
- Show replies
New conversation -
-
-
You need hsts and hpkp too else you're just getting people to expose more information with looser policy
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.