Yes exactly. That kind of UX distinction is essential to teaching non-security-expert users basic safety AND to building their faith that TLS/HTTPS/encryption actually does what it's claimed to do.
Replying to @RichFelker @mdhardeman and
Everyone thinks that, the problem is it's not possible. Why don't you just solve the halting problem Rich, that would make things much easier. Don't you care about users? Do the right thing, stop tweeting and get solving.
1 reply 0 retweets 3 likes -
Replying to @taviso @mdhardeman and
Here "not possible" is a matter of political will/marketplace influence by the browser vendors, not some underlying fundamental impossibility. Tweeting about it is a small step towards making the idea that they should do this mainstream.
1 reply 0 retweets 1 like -
Replying to @RichFelker @mdhardeman and
Write me a program that can safely assert something when the Administrator is malicious, it can be as simple as you like. Make it show the result of X509_verify() or something in a message box.
1 reply 0 retweets 1 like -
Replying to @taviso @mdhardeman and
That's impossible. But what is possible is asserting "either someone committing a crime is in control of this machine, or any certificate it accepts is sufficiently legitimate that your non-backdoored phone/laptop would also accept it".
1 reply 0 retweets 1 like -
Replying to @RichFelker @mdhardeman and
Serious question: if I told you yesterday that today you would be arguing for DRM and that Administrators don't have the right to modify software on their own computers, would you have believed me?
2 replies 0 retweets 1 like -
Replying to @taviso @mdhardeman and
No, because that's not what I'm arguing here. I don't think DRM is necessary or good. I think TM&© are. I don't think you lack a right to modify sw on your own computer. I do think you lack a right to put modified sw in front of a user who's unaware it's modified.
2 replies 0 retweets 2 likes -
Replying to @RichFelker @mdhardeman and
You're dropping the DRM argument, and now you're only arguing for the legal thing? To make sure we're on the same page, you believe that owning a computer does not give you the right to alter the software on it?
1 reply 0 retweets 0 likes -
Replying to @taviso @mdhardeman and
Yes I actually believe that MITM (like other forms of surveillance) is unethical and non-consensual regardless of what contract they signed. To have any chance of being ethical it needs constant visual indication that it's taking place.
1 reply 0 retweets 0 likes
100% agree, you didn't say unethical before - you said illegal. The people doing it believe that not doing MITM is unethical, that's why this is so hard. Try telling an antivirus vendor that it's unethical to scan for viruses.
Replying to @taviso @mdhardeman and
I said (or tried to; maybe this got lost in Twitter threading) that browser vendors could use TM &/| © law to make something that's unethical into something illegal, thereby protecting users as long as they can assume administrator is law-abiding.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @mdhardeman and
Do you think websites can use TM&© to prevent adblockers?
2 replies 0 retweets 0 likes - 6 more replies