Reply to post: Traffic interception

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

Henry Wertz 1 Gold badge

Traffic interception

"HTTPS provides minimal protection against either of these - I've never come across a case of HTTP content being altered in transit, and analysis of HTTPS content is still possible, just not very easy."

I have. Mediacom interferes with people's traffic. I used to see occasional download failures on my Ubuntu updates. Why? I looked at one of the failed downloads, and Mediacom was injecting javascript code (to force some kind of Mediacom-related popup to say they were doing network work) into files that are not even HTML, like package lists and so on. I've also seen the thing at the top of the screen indicating this on pages that *were* HTML. Of course if you go for the other main ISP here (Centurylink), they hijack DNS so unknown domains are falsely redirected to an ad/"search help" page instead of properly returning the address does not exist. Other ISPs have felt free to steal banner ad space from whoever is "supposed" to be using it to insert their own ads. There was that case, just last week, about a Bell Canada being sued because they were tracking people to sell the info, and replacing ads; and people who opted out, they just quit replacing the ads but continued tracking them.

That said -- I think the furthest Firefox should go is to put some kind of warning symbol in the address bar or status bar. It simply doesn't matter if certain types of traffic are secured or not, and for something like a video stream it may just be a waste of CPU cycles. I'd also prefer to choose using some site or not rather than have it just quit working because "HTTP is deprecated." As people say above, a nosey ISP could still perform traffic analysis of HTTPS anyway...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon