"No, seriously. All those things Google couldn't find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and ov

Optional@lemmy.world · 7 months ago

"No, seriously. All those things Google couldn't find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and ov

SkyNTP@lemmy.ml · 7 months ago

They’ve stubbornly not gotten an SSL because they transact 0 data beyond band name searches.

Even if sites do not store user account data, such as passwords, ALL websites, and I mean ALL, handle user data, because merely accessing pages (urls) is user data.

Stubbornness is not a good reason not to setup SSL. Encryption should always be on, all the time, for everything.

Bogasse@lemmy.ml · edit-2 7 months ago

And it’s not only about user data, it would also expose the website to content spoofing in public wifi, which would for example allow the attacker to inject fishing content in the website.

SSL encrypts the data you’re sending but it also ensures that you’re communicating only with who you think you are. Without SSL you can’t be confident about any of that.

pixxelkick@lemmy.world · 7 months ago

If a website has literally no login system, there’s nothing to phish.

There is honestly no reason to use SSL on a static website that has no login system and just displays some content.

IE a static blog or etc, where the only content on the website is just “look at this stuff, okay thank you!”

Bogasse@lemmy.ml · 7 months ago

That’s still my point, for example you could inject your own login system “create an account to keep track of your favorite artists, or some new shiny feature”. For there you can get people’s personal information, potentially a password they use on other services.

An URL is something the general public will trust, if the content can be messed with you repurpose the website’s reputation. I took phishing as an example but even my not-so-creative and non-expert brain can think of other things : asking for donations, propaganda, advertising, censorship, …

db0@lemmy.dbzer0.com · 7 months ago

Ssl doest hide the url you’re visiting

Rikudou_Sage@lemmings.world · 7 months ago

It does. Anyone sniffing the traffic can only see the domain.

hansl@lemmy.world · 7 months ago

Not if you use DNSSEC.

Alex@lemmy.ml · 7 months ago

Yes it does. You can derive the domain from snooping DNS lookups but the URL is part of the encrypted get header.

AProfessional@lemmy.world · 7 months ago

The domain is a public part of TLS itself, SNI, for now.

7 months ago

Yeah we’re need encrypted SNI. I hear it’s coming soon.

"No, seriously. All those things Google couldn't find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and ov

"No, seriously. All those things Google couldn't find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and ov

Pluralistic: Too big to care (04 Apr 2024) – Pluralistic: Daily links from Cory Doctorow