1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00
seirdy.one/content/notes/unencrypted-connections-do-mean-injection.md
2024-04-15 10:48:38 -04:00

1.8 KiB

title date replyURI replyTitle replyType replyAuthor replyAuthorURI replyDate syndicatedCopies
Unencrypted connections do mean injection 2024-04-15T10:45:12-04:00 https://lethallava.land/notes/9s4irgazxf wdym [ISPs inject content], any examples? SocialMediaPosting dflxh https://lethallava.land/@dflxh 2024-04-15T08:52:40-04:00
title url
The Fediverse https://pleroma.envs.net/notice/AgIhXz3q628odren2G
title url
IndieNews https://news.indieweb.org/en

[My previous response to similar concerns]({{<relref "/notes/on-enforcing-https.md">}}) is relevant. To elaborate:

If nothing prevents bad behavior from an ISP, and it has happened before, then you should assume it's happening. This extends to injecting JavaScript apps into insecure connections.

Unless you trust every hop from your browser to the destination server (and back), assume anything unencrypted can and will be inspected (and potentially tampered with). Encrypt everything you can.