Bonum Certa Men Certa

A False Sense of Privacy and Safety is Ruining Otherwise Fine Browsers (Like Kristall)

Video download link | md5sum 32e4ca1c33f9868bad88d181d08783c6 TLS False Positives Creative Commons Attribution-No Derivative Works 4.0



Summary: Impediments to self-hosting and self-determination (not outsourcing of "trust" for instance) are increasing; today we look at the case of Kristall, a highly versatile multi-protocol browser

THE layers of additional complexity often make it hard to set up a Web site and to use a Web browser, confusing both system administrators and users. Geminispace with its capsules model (self-signed certificates) lowered the entry barrier, but the Web persists with the security theatre of chaos. In a nutshell, on the Web you're now expected not just to fully embrace HTTPS but also outsource control over it; many outsource to companies like ClownFlare, which in turn worsens privacy. It's almost a taboo to criticise this.



"The conclusion one can reach is that what used to be a simple protocol has been unnecessarily complicated. Developers too are struggling with this complexity, not just users. And they both suffer."In the video above I demonstrate that Kristall, a Gemini client with support for 3 or 4 other protocols, has an utterly dumb or broken way of handling TSL certificates for HTTPS. Why? It's OK with self-signed for Gemini but not HTTPS. But why? No good reasons! Upon closer scrutiny, the implementation of this is clearly buggy. The complexity messed it up. We should be 'forgiving' towards sites that self-sign certificates (many have legitimate reasons) and less 'forgiving' towards Web browsers that deny this. Who are they serving? Users? Sites? Or the CA cartel?

In the case of Kristall, it seems to boil down to a bug. But it's a very obnoxious one. The software does not seem to be very actively developed anymore (no commits since January), so we are guessing that a fix is not on the way.

The conclusion one can reach is that what used to be a simple protocol has been unnecessarily complicated. Developers too are struggling with this complexity, not just users. And they both suffer.

The Web is closing, it's getting locked down, and not in a positive way.

Recent Techrights' Posts

Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas
Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires'
Links for the day
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks
Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates
Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024