7 Comments
❓❗

Your prerequisite to showing how HTTPS is unsafe is that you’ve already agreed to give your information to the third party.

The answer to the question, is HTTPS safe?, is yes.

This section is misleading at best. The caveats are only: CA hacks (very unlikely) or access to your machine to install certificates.

Michael McGarry

I mean, this is how most corporate proxies work... allowing the company to view all traffic sent over the network.

Fai C

HSTS further improves HTTPS. There is no perfect security in the world; in the end, if we need to transact, we need trust.

Hiren

How does the intermediate server get the private key?

lass

This post is misleading. HTTPS is really safe. This scenario in the blog can happen only for a self-signed certificate. The role of the Certificate Authority (CA) is to avoid what the blog mentioned.

bemmi

How would the request be maliciously routed to an intermediate server in practice? Would it need malware installed? Thanks as ever - love these quick grabs arriving in my inbox :)

vignesh velan

DNS server hijacking and DoS/DDoS can be used to hack and act as an intermediate server.
