My post explained in detail how HTTPS prevents DNS spoofing. If you do not understand any of the steps in my argument, please point them out. Otherwise, if you are unable to understand how TLS and certificates work that is not my problem and I ask you to please stop spreading misinformation based on your misunderstanding.
> When you say "easier to detect", are you meaning easier to detect by people who don't recognize that their ISP injects ads?
I mean easier to detect by people who know how HTTPS works, i.e. by technical experts. There are people monitoring the Certificate Transparency logs for domains that have certificates being issued by a different authority than they normally use and/or by an authority that does not match the DNS CAA record.
> How do I, right now check if my ISP is spoofing my DNS to MITM my access to my https site? 'Cause I have no clue.
It's extremely simple: does the lock icon in your URL bar have an error symbol? If no, you can be almost[1] 100% certain the site you are connecting to has not been spoofed because it has a valid certificate. If yes, you should assume you have no better (though also no worse) security than unencrypted HTTP. If you want to go further you can view the certificate your browser received and compare it against the certificate presented to other services running on other networks, e.g. the Qualys SSL Labs server test: https://www.ssllabs.com/ssltest/
> Which was my point - what is the security threat I should care about?
To me this is a question of whether you respect and value your user's privacy and security. Enabling HTTPS (and HTTPS-only) is so trivial today that there is no reason not to do it. HTTPS is just basic security hygiene on the modern web regardless of the "importance" of the data. ISPs and other middle networks have proven themselves to be untrustworthy over the years and authenticated encryption (such as that provided by HTTPS) is the only workable defense.
> But again I ask what are the negatives? If I switch my site to https-only, how many people or devices will be negatively impacted?
Virtually none. Even on fairly ancient Android phones (Android 4.1+), which are the least likely to receive software updates, you can install Firefox and get a modern TLS stack and root store. Pretty much every desktop and laptop PC made in the last 10 years can run the latest version of Windows or Linux with the latest version of Firefox or Chrome. Sticking with software so obsolete it cannot interoperate with modern TLS is a choice and the people making that choice should be knowledgeable enough to understand the consequences of that choice (including the workarounds they can do to accommodate that obsolete software, e.g. proxy servers).
> Which doesn't require https-everywhere, only https on most/significant number of places.
If you do not use HTTPS on your site then the cost of surveilling your site is 0 regardless of whether other sites use HTTPS.
> And you're fine with that at a technical level, since https doesn't prevent it.
Yes, I am fine with that because it means that I got exactly what you intended me to receive and I can be confident in ascribing that decision to you and to judge you by that. My point about ad injection was just to show a real-world scenario where an ISP or other middle network has tampered with the data being delivered. You say you are a leftist, what about if someone inject "alt-right" talking points into your blog? What if someone swapped your contact information for a spoofed version so they can intercept e-mails and other private communication intended for you? What if someone replaced code on your site with malware? What if someone injected a script into your site to DDoS Github[2]? These are all things that are possible with unencrypted and unauthenticated connections (i.e. plain HTTP). If you can't generalize from the examples I'm giving you then I ask you to engage your imagination more vigorously.
[1] The "almost" qualification is primarily to account for intentional MITM appliances used by whoever is running your network (which would require them to install their own MITM certificate on your client) or malware running on your client, as well as much more rare scenarios like mis-issued certificates or state actor intervention.
It's taken a while because of work, and trying to research things took time.
I weep for the loss of information. I went to postings of mine from 10+ years ago, to see what would happens in an https-only. Very few of my external links still point to valid resources.
https-only increases link-rot. Of my remaining valid links, many are to non-https sites, because the field I'm in is so specialized and not monetized, so things hang on only because they don't need maintenance. Enforce https-only and they are effectively gone. Here's one - http://www.umass.edu/molvis/francoeur/levinthal/Levinthaltex... . No copies appear anywhere else on a DDG search, though it is in archive.org so not quite perma-death.
Here's a 15 year old code base still going strong http://weblogo.berkeley.edu/ (there's also a v3, also with http).
> If you do not understand any of the steps in my argument, please point them out.
You are correct that I know little about https. Here's the scenario I don't understand, which your explanation doesn't cover:
If I connect to https://MrRadar.server/some/url then at this point my browser knows nothing about it. The MITM server uses a self-signed certificate which expires in one second. My browser will accept it, right? And connect? So the MITM server knows what URL I've tried to connect to?
It then slowly responds with a redirect, taking 1 second, to the same URL (possibly using tricks to prevent the browser from a redirect loop). The self-signed certificate has expired, so the browser doesn't use it, and the second attempt isn't MITM'ed.
This goes through, successfully, right? And there's only a short time where I would see any lock icon? So I have to pay very close attention to see it. And if the attacker times it just right, so the https negotiation is better aligned to the one-second transition, that window is even smaller.
How does https prevent this sort of information leakage?
NOT THAT IT MATTERS, because my corporate site, with https, has only a couple of dozen pages and they are all public so simple traffic analysis lets anyone in the middle know what you are reading from my site. So I "ask you to engage your imagination more vigorously" and wonder if sometime switching to https gives people a false sense that people in the middle can't know which pages they access.
> then the cost of surveilling your site is 0
I believe you mean minuscule, since carrying out the surveillance and storing the data have a cost. Making use of the data has an additional cost.
> negatively impacted
As it turns out, I was negatively impacted yesterday. I made a typo in an email pointing them to my web site (think 'ycombintor.com' instead of 'ycombinator.com'). The quick response was that the site wasn't working. I tried, and got the "Warning: Potential Security Risk Ahead" because that alternate site's certificate was invalid. I spent 5 minutes trying to figure out if my hosting site had messed things up, before I got the followup email pointing out the typo.
Without https, it would have been clear that I got the wrong web site.
(While https, of course, doesn't protect against typo-squatting.)
> Sticking with software so obsolete it cannot interoperate with modern TLS is a choice
Shrug. Forcing everyone to use https is also a choice.
I also mentioned old software stacks. I work with scientific code, some dating back decades, and with little funding for maintenance.
I'm dreading what's going to happen at the end of this month when pip drops support for Python 2.7 causing link-rot to make some old projects no longer work, causing the associated papers to no longer be so easily reproducible.
Part of my work today was to get Docker containers set up with Python 2.7, etc., as a sort of refuge, so those tools would be at hand 5 years from now.
Your 'basic security hygiene' is my archival headache.
> what about if someone inject "alt-right" talking points into your blog?
You've already derided my objection to your characterization. I don't know why you think I've changed my opinion.
> What if someone swapped your contact information
I've already pointed out that I don't see that as a valid security threat.
I mean, someone could break down your door and attack you in the middle of the night - does that threat cause you sleep in a safe room?
Do I also have to worry about them bribing the ops people at my hosting provider?
> What if someone injected a script into your site to DDoS Github[2]?
You mentioned that before. Your [2] says: "in order to execute such an attack, the perpetrator has to create a persistent [cross-site-scripting] DDoS scenario on a very popular website, or ... have control over a very high-traffic proxy - in this case ... the Chinese government's network equipment,"
That is obviously outside of my threat model, in the same way I don't have a safe to store my wallet.
If someone could control the Chinese government's network equipment, couldn't they reroute a lot of https traffic to GitHub to DDoS it?
My post explained in detail how HTTPS prevents DNS spoofing. If you do not understand any of the steps in my argument, please point them out. Otherwise, if you are unable to understand how TLS and certificates work that is not my problem and I ask you to please stop spreading misinformation based on your misunderstanding.
> When you say "easier to detect", are you meaning easier to detect by people who don't recognize that their ISP injects ads?
I mean easier to detect by people who know how HTTPS works, i.e. by technical experts. There are people monitoring the Certificate Transparency logs for domains that have certificates being issued by a different authority than they normally use and/or by an authority that does not match the DNS CAA record.
> How do I, right now check if my ISP is spoofing my DNS to MITM my access to my https site? 'Cause I have no clue.
It's extremely simple: does the lock icon in your URL bar have an error symbol? If no, you can be almost[1] 100% certain the site you are connecting to has not been spoofed because it has a valid certificate. If yes, you should assume you have no better (though also no worse) security than unencrypted HTTP. If you want to go further you can view the certificate your browser received and compare it against the certificate presented to other services running on other networks, e.g. the Qualys SSL Labs server test: https://www.ssllabs.com/ssltest/
> Which was my point - what is the security threat I should care about?
To me this is a question of whether you respect and value your user's privacy and security. Enabling HTTPS (and HTTPS-only) is so trivial today that there is no reason not to do it. HTTPS is just basic security hygiene on the modern web regardless of the "importance" of the data. ISPs and other middle networks have proven themselves to be untrustworthy over the years and authenticated encryption (such as that provided by HTTPS) is the only workable defense.
> But again I ask what are the negatives? If I switch my site to https-only, how many people or devices will be negatively impacted?
Virtually none. Even on fairly ancient Android phones (Android 4.1+), which are the least likely to receive software updates, you can install Firefox and get a modern TLS stack and root store. Pretty much every desktop and laptop PC made in the last 10 years can run the latest version of Windows or Linux with the latest version of Firefox or Chrome. Sticking with software so obsolete it cannot interoperate with modern TLS is a choice and the people making that choice should be knowledgeable enough to understand the consequences of that choice (including the workarounds they can do to accommodate that obsolete software, e.g. proxy servers).
> Which doesn't require https-everywhere, only https on most/significant number of places.
If you do not use HTTPS on your site then the cost of surveilling your site is 0 regardless of whether other sites use HTTPS.
> And you're fine with that at a technical level, since https doesn't prevent it.
Yes, I am fine with that because it means that I got exactly what you intended me to receive and I can be confident in ascribing that decision to you and to judge you by that. My point about ad injection was just to show a real-world scenario where an ISP or other middle network has tampered with the data being delivered. You say you are a leftist, what about if someone inject "alt-right" talking points into your blog? What if someone swapped your contact information for a spoofed version so they can intercept e-mails and other private communication intended for you? What if someone replaced code on your site with malware? What if someone injected a script into your site to DDoS Github[2]? These are all things that are possible with unencrypted and unauthenticated connections (i.e. plain HTTP). If you can't generalize from the examples I'm giving you then I ask you to engage your imagination more vigorously.
[1] The "almost" qualification is primarily to account for intentional MITM appliances used by whoever is running your network (which would require them to install their own MITM certificate on your client) or malware running on your client, as well as much more rare scenarios like mis-issued certificates or state actor intervention.
[2] https://www.bankinfosecurity.com/github-hit-by-its-largest-d...