Homepage logon dangers.

Thoughts on the further development of Haven & Hearth? Feel free to opine!

Re: Homepage logon dangers.

Postby shubla » Sat May 15, 2021 9:30 am

The problem with changing at this point is so much has been developed and so many holes plugged, new systems will effectively make the whole thing worse for the foreseeable future

There are better alternative systems? Like what?
I'm pretty sure there are none, except stuff like web of trust which I mentioned earlier, but that will never happen in practice.
All other systems just end up replicating CA system more or less, when you think of how to make them work when there are billions of users out of which 99,99% barely can turn the computer on.
I'm not sure that I have a strong argument against sketch colors - Jorb, November 2019
http://i.imgur.com/CRrirds.png?1
Join the moderated unofficial discord for the game! https://discord.gg/2TAbGj2
Purus Pasta, The Best Client
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Homepage logon dangers.

Postby MagicManICT » Sat May 15, 2021 5:55 pm

shubla wrote:
The problem with changing at this point is so much has been developed and so many holes plugged, new systems will effectively make the whole thing worse for the foreseeable future

There are better alternative systems? Like what?
I'm pretty sure there are none, except stuff like web of trust which I mentioned earlier, but that will never happen in practice.
All other systems just end up replicating CA system more or less, when you think of how to make them work when there are billions of users out of which 99,99% barely can turn the computer on.

Read a bit on the subject? Follow the deeper discussions? Like I said, this system is so entrenched now nobody is really trying to propose alternatives, but there were a lot back in the day.

FWIW, if you're that worried about your personal information getting ganked by hackers, you need better tools. Quit using Chrome. Period. Get better software. Tor comes to mind. Don't let web servers dictate your level of security. Take control of it yourself.
Opinions expressed in this statement are the authors alone and in no way reflect on the game development values of the actual developers.
MagicManICT
 
Posts: 18437
Joined: Tue Aug 17, 2010 1:47 am

Re: Homepage logon dangers.

Postby shubla » Sat May 15, 2021 6:35 pm

MagicManICT wrote:Read a bit on the subject? Follow the deeper discussions? Like I said, this system is so entrenched now nobody is really trying to propose alternatives, but there were a lot back in the day.

Well I've read enough to come to the conclusion that there is really no way out. CA system could be improved by perhaps further restricting who can give them out, but other than that there is not much to do, as in all systems there would be something central, some "root trust" (like CA's) that you would just have to trust to visit any sites in any feasible manner. Even if there was no money involved the security risks would still be there if the root trust thing was compromised etc. Track record of CA system is relatively good after all.

I think that using tor for ordinary browsing is unnecessary even if you want to avoid getting hacked. If something, using it is perhaps even more dangerous than normal browser because HTTP traffic would go through exit node owned by god knows who? (ok I've not really looked how it works in case of http but if that's the case it's pretty scary)
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Homepage logon dangers.

Postby shubla » Sat May 15, 2021 6:49 pm

Ironically with TOR using CA's on HTTPS connections is even more important ¦] ¦] because of the malicious exit node risk, than it would be when the data is routed just "normally" through the internet, I'd say.

Interestingly, onion-protocol sites have "solved" the requirement for CA problem with quite a simple method. When you connect to onion network site the connection is secure even without any CA signed certificates, how? you say. That is simply because the public key is the actual URL of the site! But of course that just delays the problem, how can you now obtain the correct url when it's long and obfuscated, a problem which pretty much reduces to the same as the CA problem in the first place... Oh well. Without even mentioning the fact that now you won't get pretty informative urls.
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Homepage logon dangers.

Postby loftar » Sun May 16, 2021 8:02 pm

It's pretty funny. The existence of LetsEncrypt is pretty much just the local mafia offering to provide "protection" for free to businesses under $XXX per year*, and apparently that has had the effect that everyone now loves the mafia. "Why don't you have the 'under protection' sign on the door? I'm not sure I dare to enter your shop."

I do wonder if the people in this thread defending the X.509 system even know how it works. For the sake of clarity, your operating system comes with a (long) list of root certificates, and a certificate that is signed by any of them is considered valid and completely secure. Have you checked the list of authorities that your web browser/operating system trusts? As it stands, you implicitly trust all of these many dozens authorities, ranging from private corporations with ties** to any and every three-letter organization you can think of, American or otherwise, to authorities directly run by pretty much any state actor worldwide. You do realize that anyone wanting to eavesdrop on you doesn't need ties to the authority that issued the certificate of the site you're connecting to, but simply to any one of them? You may meme about how insecure self-signed certificates are, but if you step back and think about it for just a second, you should realize just how ludicrously stupid the system is. Out of all the alternatives, it's arguably the single worst way to implement certificate authentication that you could think of. Unless you want to be able to eavesdrop on people, that is. Then it's great.

And there are so many good alternatives, too. PGP-like web-of-trust models aside, it would have been easy to implement a LetsEncrypt-like system of domain validation just by putting the correct certificate in DNSSEC instead of using a CA. You'd get all the upsides of LetsEncrypt with none of the centralization. There even were attempts to do exactly this, but they were apparently dropped because of LetsEncrypt. Go figure. I wonder who wanted that. Apparently Google didn't not want it, at least.

And the problem isn't just limited to eavesdropping, trust and centralization, either. It's also very technical with the X.509 format only allowing one single signer per certificate. If I could simply add LetsEncrypt as another signer on my certificate, I would have less compunctions about it, but the fact that it needs to displace my own certificate really is a nice finishing touch. Doing that actively makes the alternative TLS validation in the client less secure.

The worst thing is that LetsEncrypt has come around and entrenched the CA system much further than it ever was prior to it, because "now that everyone can get a 'free***' certificate" browser implementations have started forcing it upon everyone, as detractors of private signing have amply demonstrated in the thread. Prior to LetsEncrypt, there was actually some legitimate debate around the CA system, but I guess it's just not important any longer, all thanks to LetsEncrypt. :P

And indeed that has clearly had its effect on the public opinion displayed in this thread. I mean, don't get me wrong, it's not like I don't recognize the importance of encryption or anything, but I would remind you that LetsEncrypt has only been in public operation for hardly five years, and prior to that, running unencrypted web traffic was considered completely normal for sites without special security needs. Public WiFi may have become slightly more common since then, but the vast majority of people do connect via connections where you'd expect a man-in-the-middle-attack about as much as (or arguably less than) you might expect a false CA-issued certificate anyway.

WojtylaKarol wrote:Still, your previous statement is wrong, it is not any issue with browsers, it is normal behaviour for browsers to accept only the certificates signed by trusted providers aka CA.

No, his statement is not wrong, because that being the normal behavior is precisely the issue with the browser implementations. I do have to say I find it pretty ironic that you have all these strong opinions about network security and yet you have zero compunctions about any of the above, as if it didn't even matter. It's one thing if you come out on the side of the CA mafia in the end despite that, but not even acknowledging the issues with it is a pretty simplistic and non-nuanced position to take.



But, it seems everyone loves the mafia these days, so the day may not be far off that I too need to join the ranks of the protected. It would be a real pity if that nice site of yours got buried in the Google search results huh, wouldn't it? Who ever needed a free and decentralized Internet anyway? I for one can't wait for the day when LetsEncrypt stops issuing certificates to sites with uncomfortable political opinions.

* Yes, I realize that LetsEncrypt is free for everyone and the analogy isn't perfect, but instead it isn't free for anyone with even slightly special requirements or circumstances, nor does it take away its connections to the CA mafia.
** Not just alluded or confirmed by third-parties, but self-admitted and advertised!
*** In terms of money and money alone.
"Object-oriented design is the roman numerals of computing." -- Rob Pike
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am
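
One way to act on the question in the post above about checking which authorities your system trusts, as an added example that is not part of the original post: it summarizes the root store that Python's `ssl` module loads, which may differ from a browser that ships its own store. The `SAMPLE` entries are constructed with made-up names.

```python
import ssl
import time
from collections import Counter

# Constructed sample in the dict shape ssl.SSLContext.get_ca_certs() returns;
# the names are made up and used only if the live store comes back empty.
SAMPLE = [
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),)),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),)),
     "notAfter": "Jun 30 12:00:00 2031 GMT"},
    {"subject": ((("countryName", "ZZ"),), (("commonName", "Old Root"),)),
     "notAfter": "Jan  1 00:00:00 2020 GMT"},
]

def _field(name, key):
    """Return the first value for `key` in an X.509 name (tuple of RDN tuples)."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def summarize_roots(certs, now=None):
    """Count trusted roots per operator and country; list the expired ones."""
    now = time.time() if now is None else now
    by_org, by_country, expired = Counter(), Counter(), []
    for cert in certs:
        subject = cert.get("subject", ())
        org = (_field(subject, "organizationName")
               or _field(subject, "commonName") or "(unnamed)")
        by_org[org] += 1
        by_country[_field(subject, "countryName") or "??"] += 1
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append(org)
    return by_org, by_country, expired

def load_system_roots():
    # A store configured as a hashed directory (capath) is loaded lazily by
    # OpenSSL and can show up empty here; the caller falls back to SAMPLE.
    return ssl.create_default_context().get_ca_certs()

if __name__ == "__main__":
    roots = load_system_roots() or SAMPLE
    by_org, by_country, expired = summarize_roots(roots)
    print(f"{len(roots)} trusted roots, {len(by_org)} operators, {len(by_country)} countries")
    for org, n in by_org.most_common(10):
        print(f"{n:3d}  {org}")
    print("expired:", expired or "none")
```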

Re: Homepage logon dangers.

Postby jorb » Sun May 16, 2021 8:37 pm

shubla and crew confirmed for CIA shills. :yes:
"The psychological trials of dwellers in the last times will be equal to the physical trials of the martyrs. In order to face these trials we must be living in a different world."

-- Hieromonk Seraphim Rose
jorb
 
Posts: 18263
Joined: Fri Apr 03, 2009 7:07 am
Location: Here, there and everywhere.

Re: Homepage logon dangers.

Postby shubla » Sun May 16, 2021 9:13 pm

3-letter organizations spying

No user cares about that when they get their bank account emptied because somebody inserted fake link into hnh store, because they did not want to use the site that their browser warned them about.
What are you going to do in that situation? Say that X.509 is evil because you cannot sign and that government agencies are spying on them if you use certs given by CA?

jorb wrote:shubla and crew confirmed for CIA shills. :yes:

You are threatening safety of thousands because of your personal opinions. Yeah it's very sad if you cannot use your own cert on forums anymore, but think of the people who even on this moment use completely unencrypted connections to browse the site, you must have some statistic about how many people are even using the https, which of course, is quite useless, because they probably do not have enough technical knowledge or willingness to use self signed certs securely even if they somehow acquired and verified authenticity of your own root cert.

DNSSEC instead of using a CA. You'd get all the upsides of LetsEncrypt with none of the centralization

Does DNSSEC really save you from centralization? Won't you still need to trust root certificates which is almost equivalent to the CA system? With the bonus of possibly not having to trust Hong Kong's post office? In the end wouldn't 3-letter organizations still secure access to these root certs, so they could stalk you all day long if they want to?
Of course it would solve your X.509-complex as you'd not need to trust the root certs yourself, only your own ns etc., but think of the ordinary forum user.

running unencrypted web traffic was considered completely normal for sites without special security needs

Using md5 for hashing passwords was considered completely normal, that doesn't mean that one should do it now!

sites without special security needs

H&H is not a site without special security needs, yes payment data is handled by third parties, but you have links on store page where people happily fill their credit card and personal data, because they surely trust you and your site not to lead them into any bad places from the official store page! It's just an accident waiting to happen.


I completely agree with you that DNSSEC sounds pretty good and would be nice if the X.509 was replaced with it.
But what I cannot stand is risking people's security because of this!
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Homepage logon dangers.

Postby Zentetsuken » Sun May 16, 2021 9:27 pm

this is all a longcon for shubla, it's clear that he doesn't like the game, he spends so much time posting here there's no way he can even be playing it .... you see, he's been seeding this forum with his highly political opinions for 7 years now, typing so many words and spending so many hours over so many posts that they make up a significant portion of the entire website.

now he spends 20+ hours a week typing up 1000 word essays trying to scare users and push devs in to making the website join the CA mafia all so that it will eventually be taken down when the ultra progressive future internet starts censoring and shadowbanning websites off google results for being filled with highly political opinions

very clever shubla but i figured it out
Zentetsuken
 
Posts: 1855
Joined: Sun Jun 20, 2010 4:07 pm
Location: Flavor Town

Re: Homepage logon dangers.

Postby WojtylaKarol » Tue May 18, 2021 2:37 pm

loftar wrote:
WojtylaKarol wrote:Still, your previous statement is wrong, it is not any issue with browsers, it is normal behaviour for browsers to accept only the certificates signed by trusted providers aka CA.

No, his statement is not wrong, because that being the normal behavior is precisely the issue with the browser implementations. I do have to say I find it pretty ironic that you have all these strong opinions about network security and yet you have zero compunctions about any of the above, as if it didn't even matter. It's one thing if you come out on the side of the CA mafia in the end despite that, but not even acknowledging the issues with it is a pretty simplistic and non-nuanced position to take.


But I did, I explained that it is a tradeoff that whole of world has decided to take. You may not like it, just as you may not like how BGP routing works and that it's allowing the Chinese to spy on you on a daily basis. But that's how the internet evolved and we have to make some tradeoffs. Now due to BGP issue and issues with websites like yours, a ton of data on users can be collected. "CA mafia" is a great overstatement. As I previously said, that's the way it was set up to be for the security of the end users. Due to how it's set up, even when DigiCert was hacked, users of all the companies that used their certs, were protected because of that "UNSAFE CONTENT, BIG RED EXCLAMATION MARK" alert in the "corrupt mafia browsers".

That's the exact reason world moved from the unsafe certification.
Cryptographically it's the same. But organisation wise smaller companies were in no way shape or form able to keep their users secure.

https://nakedsecurity.sophos.com/2020/0 ... tificates/
WojtylaKarol
 
Posts: 13
Joined: Thu Apr 08, 2021 7:31 pm

Re: Homepage logon dangers.

Postby VDZ » Tue May 18, 2021 2:45 pm

WojtylaKarol wrote:that it is a tradeoff that whole of world has decided to take.

You mean that Google decided to take.

WojtylaKarol wrote:But that's how the internet evolved

More like, that's how Google took over the web. Chromium-based browsers have an over 75% market share and as such Google dictates the standards for the web nowadays. It was Google who pushed for the 'warning every time, no way to remember certificate' approach. The only consensus necessary for such decisions nowadays is a consensus at the Google offices.
VDZ
 
Posts: 2660
Joined: Sun Jul 17, 2011 2:27 am
