• Xephonian
    link
    fedilink
    arrow-up
    1
    arrow-down
    9
    ·
    edit-2
    5 months ago

    TLS 1.0 was released in 1999 as an upgrade from SSL 2.0 and 3.0.

    And these days we’re on v1.3 - https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/

    Notice anything? There’s always a flaw. The general public hasn’t discovered it in TLS1.3…yet

    And again, Banking websites, some stuff makes a lot of sense to use encryption.

    Just not everywhere.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      5 months ago

      TLS could be the most flawed system on Earth and it would still be better than no TLS. Plain traffic is just that, plain. I can do whatever I want to your web browser as I can arbitrarily change the contents of websites. I can make a page be full of ads or do more malicious things such as replacing a page with a phishing site or running something like beef which allows me to have full control of a browser and to pull all information. I could also exploit any vulnerabilities in the browser to do privilege escalation although to be fair major security CVEs are rare.

      This is literally a community about privacy. I don’t understand why you wouldn’t want https. It works out of the box and it is implemented pretty much everywhere. If a site doesn’t use it that site isn’t really worth using as it take very little time to setup with Let’s encrypt.