Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Uh, for something touting e2e encryption and security it would be better if the site did not serve over plain http by default


https adds nothing to a page when the only trafic is server -> client


Of course it does, HTTP is never only server -> client - from preventing a passive eavesdropper from seeing what pages are being browsed on the server, cookies, UA fingerprinting etc. to active content modification in transit.


Pages are still visable in the tls handshake, no coockies on this page (that would be client-> server traffic). But yeah, good point about the fingerprinting and content modification


No, they aren't - just the hostname (domain name).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: