Downloads are no longer available over HTTPS? Topic is solved
Moderators: FranklinDM, Lootyhoof
Downloads are no longer available over HTTPS?
I wonder why the Pale Moon downloads on website are no longer available over HTTPS
Re: Downloads are no longer available over HTTPS?
They never were or should have never been offered via HTTPS.. Doing so for public files adds a lot of overhead and work for the servers. Besides, there are PGP keys and/or SHA256 hashes for you to confirm authenticity. If that isn't enough and the download is suspect you can always ask...
Re: Downloads are no longer available over HTTPS?
Tobin, you're forgetting one of the (main?) benefits of encryption. What about those who want to download the file, and maintain privacy by not announcing to anyone listening that they are downloading said file?
-
- Lunatic
- Posts: 385
- Joined: 2013-12-19, 15:12
- Location: Sweden
Re: Downloads are no longer available over HTTPS?
Why do you need to hide that you are downloading Pale Moon...?
You can use a VPN if you need to hide your traffic.
You can use a VPN if you need to hide your traffic.
Administrator on Windows Server to Workstation
Moderator (and "undercover" Admin) on The Windows Club Forum
Security: EAM, Comodo Firewall and HIPS, WinPatrol+, HOSTS-file, UAC (max), Sandboxie, NoScript and ADBlock.
Moderator (and "undercover" Admin) on The Windows Club Forum
Security: EAM, Comodo Firewall and HIPS, WinPatrol+, HOSTS-file, UAC (max), Sandboxie, NoScript and ADBlock.
Re: Downloads are no longer available over HTTPS?
I never say i need to hide my traffic.
Even a VPN dont hide your traffic- ist just goes first over the VPN and then to your ISP. Yes, its then encrypted but you need to trust the VPN more then your ISP. Can you that?
Also downloads over HTTPS is for integrity, but the GPG and checksum file over HTTPS is fine.
I thought Pale Moon itself was available over HTTPS. My bad memory...
Even a VPN dont hide your traffic- ist just goes first over the VPN and then to your ISP. Yes, its then encrypted but you need to trust the VPN more then your ISP. Can you that?
Also downloads over HTTPS is for integrity, but the GPG and checksum file over HTTPS is fine.
I thought Pale Moon itself was available over HTTPS. My bad memory...
Re: Downloads are no longer available over HTTPS?
Because there are different views...BenFenner wrote:Tobin, you're forgetting one of the (main?) benefits of encryption. What about those who want to download the file, and maintain privacy by not announcing to anyone listening that they are downloading said file?
viewtopic.php?f=26&t=8913#p59358
viewtopic.php?f=4&t=14619&p=107592#p104839
Re: Downloads are no longer available over HTTPS?
Downloads have never been available over https, by design.
https exists for security, i.e. secure connections for the transmission of sensitive data, not integrity. Downloading a public binary of Pale Moon is not sensitive data. In-transit tracking of your connections to see what you've downloaded has nothing to do with whether the target site is https or not (and on top, a DNS request for a release mirror host on palemoon.org already gives that away)...
If you don't trust the integrity of what you downloaded, check the SHA-sum, check the cryptographic signatures provided alongside binaries, or check (on windows) the properties of .exe files, tab digital signatures, for the code-signing signatures which also guarantee an untampered binary.
https exists for security, i.e. secure connections for the transmission of sensitive data, not integrity. Downloading a public binary of Pale Moon is not sensitive data. In-transit tracking of your connections to see what you've downloaded has nothing to do with whether the target site is https or not (and on top, a DNS request for a release mirror host on palemoon.org already gives that away)...
If you don't trust the integrity of what you downloaded, check the SHA-sum, check the cryptographic signatures provided alongside binaries, or check (on windows) the properties of .exe files, tab digital signatures, for the code-signing signatures which also guarantee an untampered binary.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite