F-Droid site certificate expired

> - We went from the vast majority of traffic being unencrypted, allowing any passive attacker (from nation state to script kiddie sitting in the coffee shop) to snoop and any active attacker to trivially tamper with it, to all but a vanishing minority of connections being strongly encrypted.

I still don't understand why this is so terrible.

Public wifi networks were certainly a real problem, but that's not where the majority of internet usage happens, and they could have been fixed on a different layer.

If you're on a traditional home internet connection, who exactly can tamper with your traffic? Your ISP can, and that's not great, but it doesn't strike me as blaring siren levels of terrible, either. Even with HTTPS, the companies behind my OS and web browser can still see everything I do, so in exchange for all this work we've removed maybe 1 out of 3 parties from the equation. And, personally, I trust the OS and browser vendors less than I trust my ISP!

Some progress is better than none, and it's still nice that my ISP can't tamper with my connection any more. Unfortunate, TLS also took away my ability to inspect my own traffic! This makes it more difficult for me to monitor what my OS and browser vendor are doing, and as I've said previously, I trust these parties comparatively less than my ISP.

> - We went from TLS certificates being unaffordable to hobbyists to TLS certificates being not only free, but trivial to automatically obtain.

Sure, but it's also trivial to just throw up a website on Github Pages, or forgo the website completely and use Instagram. TLS is "trivial" if you rely the infrastructure of a specific external party.

Please help me understand what I'm missing because I find this really frustrating!

> Some progress is better than none, and it's still nice that my ISP can't snoop on me any more. Unfortunate, TLS also took away my ability to inspect my own traffic! This makes it more difficult for me to monitor what my OS and browser vendor are doing, and as I've said previously, i trust these parties comparatively less than my ISP.

It might be more correct to say that Certificate Pinning made it so you can't inspect your own traffic - for sites with TLS but without certificate pinning, you can just as easily create your own root certificate and force the browser and OS to trust the cert by installing it at the OS level. This is (part of, atleast) how tools like Fiddler and Charles Proxy allow you to inspect HTTPS traffic, the other part being a mitm proxy that replaces the server's actual cert with one the mitm proxy generates [0]

[0]: https://www.charlesproxy.com/documentation/proxying/ssl-prox...

I've used mitm proxies, the problem is I don't know whether the software is behaving the same way under a proxy as it would normally.

Edit: To be clear, I'm not even suggesting the software would be doing this maliciously! Apps do all sorts of weird things when you try to proxy them, I know this because I do run most of my traffic through a proxy (for non-privacy reasons). Just for example, QUIC gets disabled.

> I still don't understand why this is so terrible.

While I don't really have a scary threat model, I don't love the idea that my ISP could have been watching my traffic. Maybe there's a world where my government has ordered ISPs to log specifics about traffic in order to trap dissidents doing things they don't like. But sure, I live in the US, which isn't (yet) an authoritarian nightmare (yet!). But maybe I live in Texas, and I'm searching for information about getting an abortion (illegal to have one there in most cases). Maybe I'm a schoolteacher in Florida, and I'm searching information on critical race theory (a topic banned from instruction in Florida schools). I want that traffic to be private.

> Even with HTTPS, the companies behind my OS and web browser can still see everything I do, so in exchange for all this work we've removed maybe 1 out of 3 parties from the equation

I mean, that's on you for using a proprietary OS owned by a for-profit corporation. I get that desktop Linux or a de-Googled Android phone isn't for everyone, but those are options you have, if you're really worried.

And there are quite a few major browsers that are open source, so even if you can't inspect their traffic at runtime, if you really are truly serious about this, you can audit their source code and do your own builds. Yes, I would consider that unnecessarily paranoid, but the option is there for you, and you can even run these browsers on proprietary OSes. And honestly, I assume you use Chrome anyway; if that's the case then you clearly are not serious about this if you're using a web browser made by an advertising company. (If you're using something else: awesome, and apologies for the bad assumption.)

> Unfortunate, TLS also took away my ability to inspect my own traffic! This makes it more difficult for me to monitor what my OS and browser vendor are doing

You can still do this, but it does require more work setting up your own CA and installing it as trusted in your own devices, and them MitM'ing your traffic at the router in order to present a cert from your CA before forwarding the connection on to the real site.

Yes, this is out of reach for the average home internet user, but if you are the kind of person who is thinking about doing traffic monitoring on your home network, then you have the skills to do this. Meanwhile, the other 99% of us get better privacy online; I think that's a perfectly fine trade off.

> and as I've said previously, I trust [my OS and browser vendor] comparatively less than my ISP.

My ISP is Comcast; even if my OS and browser vendor was Microsoft or Apple, I think I'd probably still trust Comcast less. Fortunately my OS and browser vendors are not Microsoft or Apple, so I don't have to worry about that, but still.

> Sure, but it's also trivial to just throw up a website on Github Pages, or forgo the website completely and use Instagram. TLS is "trivial" if you rely the infrastructure of a specific external party.

Running a website, even from your home internet connection, still means relying on the infrastructure of a third party. There's no way to get away from that.

And you still can run one without TLS. Browsers will still display unencrypted pages, though I'll admit that I'd be unsurprised if some future versions of major browsers stopped allowing that, or made it look scary to your average user.

> Please help me understand what I'm missing because I find this really frustrating!

I think what you are missing is that people actually do value connection encryption, for real reasons, not paranoid, tin-foil-hat reasons. And while you do present some valid downsides, we believe those downsides are overblown, or at the very least worth it in the trade off. It's fine for you to not agree with that trade off, which is a shame, but... that's life.

If you're that worried about software being that devious, then you probably shouldn't be using that software at all, regardless of your ability to monitor its traffic.

I guess I think it's relatively more paranoid to worry about the ISP being that devious.

> If you're on a traditional home internet connection, who exactly can tamper with your traffic? Your ISP can, and that's not great, but it doesn't strike me as blaring siren levels of terrible, either.

This characterization in on the same level of sophistication as "the Internet is just a series of pipes". Every transit station has the opportunity to read or even tamper with the bytes on an unencrypted http connection. That's not just your ISP, it also includes the ISP's backbone provider, the backbone peering provider, your country's Internet Exchange, the Internet Exchange in the country of the website, the website's peering partner, and the website's hosting partner.

Some of those parties may be the same, and some parties I have not mentioned for brevity. To take just one example: there is only one direct link between Europe and South America. Most traffic between those continents goes via Amsterdam (NL) and New Jersey (US) to Barranquilla (CO), or via Sines (PT) to Fortaleza (BR). Or if the packets are feeling adventurous today, they might go through Italy, Singapore, California and Chile, with optional transit layovers in Saudi Arabia, Pakistan, Thailand or China.

Main point being: as a user, you have no control over the routing of your Internet traffic. The traffic also doesn't follow geographic rules, they follow peering cost. You can't even be sure that traffic between you and a website in your country stays inside that country.

Have you checked the list of root certificates your browser accepts as good?

Do it and tell me you trust websites which have a green lock next to the url..

> Your ISP can

And already has! ISPs used to inject ads into unencrypted connections: https://www.infoworld.com/article/2241797/code-injection-new...

Thanks for this, I legitimately didn't realize every interlink in the entire chain has the ability to tamper with a connection. I'm still very concerned about the centralization of https but I understand the need somewhat more.

I'm not defending the practice, but informing users they've reached a data cap is really not the same thing as injecting ads!

Alright what about telling you about other plans they offer. I'd consider that an ad: https://lukerodgers.ca/2023/12/09/optimum-isp-is-mitming-its...

In my country's ISP, they outright force you to see an ad for 5s before you can open a webpage sometimes.

I mean I trust Linux and Firefox both being open source more than isp

Yes, the trust model for TLS is broken and the handful of attempts made to fix it (Moxie's "Convergence" project from 2011[1], for instance) haven't born fruit.

However, in a security context "takes some effort" is far better than "takes no effort".

If CAA records (with DNSSEC) were used to reject certificates from the wrong issuer, we might even be able to get to "though very imperfect, takes a considerable amount of effort".

DANE is supposed to be the solution to this problem but it's absolutely awful to use and will lead to even more fragile infrastructure than we currently have with TLS certs (and also ultimately depends on DNSSEC). HPKP was the non-DNS solution but it was removed because it suffered from an even worse form of fragility that could lock out domains for years.

[1]: https://en.m.wikipedia.org/wiki/Convergence_(SSL)

this isn't solely about the aspect you're hinting at: plenty of smart appliances are effectively useless/inoperarive if not interacted with with their accompanying proprietary (shitty) smartphone app. Developing an alternative app requires reverse engineering; that's when you realize the current state of the art is obfuscating and encrypting each and every network layer even for gadgets as mundane as an RGB mood light.

Also, don't forget that the route negotiation protocol is mostly unsecured. As we have seen in the past, it is very easy for a 3rd party to (accidentally or intentionally) redirect traffic through its routers.

In practice this means you have to consider the possibility that anyone on the entire internet can inspect your traffic. Traffic from your home in Seattle to Google's west coast data center? For all you know it could be going via Moscow.

Ask gay people in Iran, Uyghurs living in China, and investigative journalists in Washington, if encrypting internet traffic is a good thing or not.

Maybe a more relatable scenario for you - it was only a few years ago that you could turn cable modems into promiscuous mode to see ALL PLAIN TEXT TRAFFIC of the people living in your street!

So, if you you still think encryption isn't needed for the average person - what's your gmail username and password?