There was a mild uproar recently about Firefox adding a feature that could allow Mozilla to push out extension blacklists or something, or disable extensions entirely for a specific site (for "security" of course). I'd read the details but all I have is a Reddit link and all the libreddit instances are ratelimited rn: r/MozillaInAction/comments/14rt5jx/firefox_115_can_silently_remotely_disable_my/

So I just saw an HSTS popup and was reminded: there's already a sorta analogous feature that restricts the user's ability to make their own decisions on privacy/security matters: HSTS. It prevents users from loading a page without working HTTPS even if they want to take that risk, and it is controlled by the site owner entirely; the user has no say.

  • frankfurt_schoolgirl [she/her] · 1 year ago

    Occasionally there's discourse about how certificate authorities can be abused, like if a government insists that their MITM cert is included or a corporation refuses to allow the cert of someone they don't like. But, with the rise of popular services like Let's Encrypt that give out certs to anyone without asking questions, the chance that CAs get abused is pretty low I think. So HTTPS is an improvement in privacy and anything like HSTS is good.