Lukewarm take:

When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.

Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.

Today, almost all sites use HTTPS. Doesn't mean the risk is zero, but it's way lower.

*) "general" meaning "without a very specific threat model in mind", meant for general public, etc.

#InfoSec

Actually, downgraded that take to "lukewarm", it should really not be controversial at all these days. It's been a hot minute since LetsEncrypt changed the HTTPS landscape!

What is beyond me is that such "security advice" still gets pushed. 

Also, shout-out to @letsencrypt for dramatically changing the security landscape of the Web for the better over the years.

Rarely is there an example of a project so effective and so directly improving everyone's lives, while at the same time keeping the original engineering mindset and just Doing Stuff Right™ humbly in the background.

Next November it will have been exactly a decade since LE started. We all owe them a huge 10th birthday party.

#InfoSec

@rysiek @letsencrypt All my podcasts are supported by adverts for VPNs and I don't understand what they are supposed to be protecting you from these days.
@bencurthoys @rysiek @letsencrypt because poking holes in streaming service[s] geofencing is a large market that we (temporarily) have a polite agreement to not put front and centre.
@mce @bencurthoys @rysiek @letsencrypt though recently I had an issue with Hulu rejecting my login and when I called for customer service the first thing they asked was if I was using a VPN. I think they'll be cracking down on VPN