this post was submitted on 20 Aug 2024
136 points (100.0% liked)

memes

22751 readers
519 users here now

dank memes

Rules:

  1. All posts must be memes and follow a general meme setup.

  2. No unedited webcomics.

  3. Someone saying something funny or cringe on twitter/tumblr/reddit/etc. is not a meme. Post that stuff in !the_dunk_tank@www.hexbear.net, it's a great comm.

  4. Va*sh posting is haram and will be removed.

  5. Follow the code of conduct.

  6. Tag OC at the end of your title and we'll probably pin it for a while if we see it.

  7. Recent reposts might be removed.

  8. Tagging OC with the hexbear watermark is praxis.

  9. No anti-natalism memes. See: Eco-fascism Primer

founded 4 years ago
MODERATORS
WhyEssEff@hexbear.net
MiraculousMM@hexbear.net
FidelCastro@hexbear.net
ella@hexbear.net
corgiwithalaptop@hexbear.net
VILenin@hexbear.net
blashork@hexbear.net
EmmaGoldman@hexbear.net
ZoomeristLeninist@hexbear.net
136
(hexbear.net)
submitted 2 months ago by ButtBidet@hexbear.net to c/memes@hexbear.net
11 comments fedilink hide all child comments
 

linky

you are viewing a single comment's thread
view the rest of the comments
[–] FumpyAer@hexbear.net 7 points 2 months ago* (last edited 2 months ago) (3 children)

You should never be on a regular http site though and every browser has a scare page or a red alert icon in the URL space telling you not to. Simply listen to it and don't go there.

Tor with JavaScript disabled is one of the most secure and private tools we have, since it protects against browser fingerprinting.

Don't go to sites without https under any circumstances.

Edit: you can enable https only mode on Firefox or Tor browser using these instructions: https://support.mozilla.org/en-US/kb/https-only-prefs#w_enabledisable-https-only-mode

[–] FumpyAer@hexbear.net 5 points 2 months ago

And I agree with the other part you said about not using clearnet accounts on your Tor browser. That's arguably more important than Tor vs Mullvad vs tor + vpn distinction.

[–] lurkerlady@hexbear.net 4 points 2 months ago* (last edited 2 months ago)

So like, unless youre really digging into wireshark or something over a long time, you really dont know what connections are encrypted or unencrypted coming from your OS. Thats more what I'm referring to. Certain OSes like whonix have safeguards for this, and linux in general is much better about this. Its hypothetically possible a malicious actor could hijack an operation that isnt encrypted coming from your OS to bork you.

And yeah tor browser on its own without JS and high tracking prevention is the way to go if you dont want a big hassle dealing with your OS. I was more referring to TORing all of your computer traffic, which should only be done with specific OSes. Mullvad browser with vpn is fine for the vast majority of people and it doesnt reduce speed a lot like TOR does.

[–] anarchoilluminati@hexbear.net 4 points 2 months ago (2 children)

So, without details, there is a site I visit that is a regular http site. What should I be worried about?

[–] FumpyAer@hexbear.net 4 points 2 months ago* (last edited 2 months ago) (1 children)

Any sensitive data you submit or get served on that site can be intercepted, read, or possibly changed on the way to you (called a "man in the middle" attack). Including your location data, credit card info, username, password, etc.

A vpn could mitigate this somewhat, but it would still be unencrypted between their network out point and the site's server.

I'd also call it a red flag in terms of their security. If they aren't competent/diligent enough to implement SSL encryption, I'd be a bit worried that they may be vulnerable to a hacker replacing their safe file downloads with a malicious one.

This would be even worse on a public wireless network where somebody could catch your packets on the way to the router.

[–] anarchoilluminati@hexbear.net 3 points 2 months ago

Thanks! I don't use any identifying information and always use VPN. I don't care if they get the username/password for that account anyway. So, I hope that helps. Haha But, yeah, not great for security and always try to avoid http.

[–] Justice@lemmygrad.ml 2 points 2 months ago

In addition to everything already suggested, here's another really small one: retype the url for the site but manually make it https instead of http

Most browsers, most web hosts and whatever else now days automatically force everything into https, but if the site is older, not well maintained, or whatever reason the person has, they might be utilizing this type of stuff. There's basically no reason that a publicly hosted website should not have https that I can think of. Locally hosted stuff, sure, but we're talking just random ass webpage perhaps found on google or something? It should go to a https url otherwise something funky is going on.

But yeah, add an s and see. Especially if you've (against the advice of your browser and OS screaming) turned off the forced automatic https redirect. I've turned it off before while messing with stuff and found there are websites still that don't automatically redirect to https if you mistakenly type http. Seems wild now days but it happens