Wow. Bad. Also, apparently @agl__ blocked me. Well, keep up the Evil, Google. Who needs security anyway?
-
Google isn't a security company, and that's the problem. They're a mass-surveillance company. I.e. anti-security company.
Ask yourself this question: if HPKP really is such a bad protocol, and Expect-CT so much better, why are they REMOVING option of HPKP?
-
-
They could just let server sysadmins decide for themselves which ones they like better, but no, they don't want to do that. Why?
-
I'll answer for you: because HPKP is a threat to mass-surveillance. Period.
-
Effects of CT: - Reduce # of CAs - Increase cost of HTTPS certs - Entrust "Google" w/net's security - Make censorship of websites easier
-
You’re confusing privacy with security. They are not the same. I don’t see how something like HPKP is at odds w/ their interests.
-
They control the browser, they control Android, they have your email and searches, they don’t need to MITM your https connections
-
Chrome has also been a supporter of
@letsencrypt and a pioneer in forcing websites w/ forms on https, so it’s hard to reconcile your claims. -
Pinning in general (not just HPKP) is at odds with Google's (and many others) interests b/c it's outside of their control.
-
Android/Gmail is off-topic. This isn't just about Google, but about NSA, who uses Google as a tool.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.