Yes, there is countless examples of root CAs containing compromised CAs.
This incidence with digicert is not about a compromised CA it is about a flaw in their validation system. That is not what you claimed. Such flaws happen from time to time, lets encrypt had an issue a while back too.
So one of the ones complaining, complained that they should rather implement the feature he needed instead of posting a tweet that took 20 seconds to write?
This person’s block was well deserved.
Not exactly. They are pointing out that HTTPS assumes all is well if it sees a certificate from any “trusted” certificate authority. Browsers typically trust dozens of CAs (nearly 80 for Firefox) from jurisdictions all over the world. Anyone with sufficient access to any of them can forge a certificate.
Great thing, that you can remove them and only trust those you trust.
Also, HTTPS doesn’t cover all traffic like a properly configured VPN does.
Pls explain what https is not covered? The SNI on tbe first visit? A VPN just moves the “exit point” of your traffic. Now the Datacentef and VPN provider sees what you ISP saw.
it’s not difficult for a well positioned snooper (like an internet provider that has to answer to government) to follow your traffic on the net and deduce what you’re doing.
No. I never said otherwise. But they cannot spy on the traffic. And since the SNI is not encrypted anyway they do not even nerd to “follow the traffic”. But what sites you are visiting and what you are doing on them are 2 different things.
Yes, there is countless examples of root CAs containing compromised CAs.
Then pls proof that? Link to a recent article maybe?
You can read more about this learning about X.509.
Its the PKI thats broken, namely the root stores. Has been unreliable for many, many years. This is why packages are signed.
So you are basically saying that root CAs are unreliable or compromised?
The great thing is, that you can decide on your own which CAs you trust. Also please proof that those are actively malicious.
And no. That is not the reason that packages are signed, i am guessing you mean packages like on linux, packages contained in the installation repository. The reason is, that you build another chain of trust. Why would i trust a CA which issues certificates for domains with code distribution. That’s not their job.
When you get judged based on what website you are visiting it is very likely that you are already the bad guy by using a vpn.
Yes. Not claimed otherwise. OC claimed that they see what you are doing which is wrong.
Basically everything online can be done encrypted. bittorrent has had support for encryption for years. There are other challenges like hiding from DPI and the thing that you broadcast your torrent IP but the content can be securely emcrypted.
They see what sites you are visiting yes but they do not see what you are doing on them. They do not see the content of the traffic. Huge difference.
a VPN provider can indeed tell what you’re doing
New to me that https is broken
Yes, any VPN provider will see what’s in your traffic, no way around that…ever…no matter who you choose
Yes, there is a way around it, just use https.
When you visit sites with https then the traffic is encrypted. They still see what sites you are visiting.
Surprised Transmission has issues seeding that many, thought Transmission 4.x made improvements in that area. How much RAM does your system have? Maybe at some point you just need more system resources to handle the load.
PS - For what it’s worth you can still stick with Transmission and/or other torrent clients & just spread the torrents among multiple torrent client instances. e.g. run multiple Transmission instances with each seeding 1000 or whatever amount of torrents works for you.
Those are duck tape solutions. Why use them when there is a good solution
There are enough private trackers without the requirement of using a VPN.
Yep. Also claimed “it affects all GNU/Linux” while it only really does CUPS and so on.
Just alone full disclosure is a shit thing to do. Do not even mention the part where it was intended as a responsible disclosure.
I mean the “Crypto AG” was a thing. So not that unrealistic.
But that Proton is CIA is not that realistic imho but not impossible.
Qualcomm did work together with Microsoft and the Vendors closely together before the launch to create those devices.
Linux device vendors probably did not get the same treatment. So give it time. Also, why not buy a windows laptop and put linux on it?
Thanks my bad. OP was talking about ethernet in some of his comments so i somehow thought it was about an USB connected NIC.
I agree, all this attention grabbing sound to me as if this is actually not a big deal. But we will see i guess.
And? If you cannot trust then you should not use them when you want to do something that is private and should not get looked on.
And if there were signs of misuse of the trust, then they would get removed.
It is actually really easy to monitor thanks to CT.