A False Sense of Privacy and Safety is Ruining Otherwise Fine Browsers (Like Kristall)

Dr. Roy Schestowitz

2022-09-13 07:58:03 UTC
Modified: 2022-09-13 07:58:03 UTC

Video download link | md5sum 32e4ca1c33f9868bad88d181d08783c6 TLS False Positives Creative Commons Attribution-No Derivative Works 4.0

Summary: Impediments to self-hosting and self-determination (not outsourcing of "trust" for instance) are increasing; today we look at the case of Kristall, a highly versatile multi-protocol browser

THE layers of additional complexity often make it hard to set up a Web site and to use a Web browser, confusing both system administrators and users. Geminispace with its capsules model (self-signed certificates) lowered the entry barrier, but the Web persists with the security theatre of chaos. In a nutshell, on the Web you're now expected not just to fully embrace HTTPS but also outsource control over it; many outsource to companies like ClownFlare, which in turn worsens privacy. It's almost a taboo to criticise this.

"The conclusion one can reach is that what used to be a simple protocol has been unnecessarily complicated. Developers too are struggling with this complexity, not just users. And they both suffer."In the video above I demonstrate that Kristall, a Gemini client with support for 3 or 4 other protocols, has an utterly dumb or broken way of handling TSL certificates for HTTPS. Why? It's OK with self-signed for Gemini but not HTTPS. But why? No good reasons! Upon closer scrutiny, the implementation of this is clearly buggy. The complexity messed it up. We should be 'forgiving' towards sites that self-sign certificates (many have legitimate reasons) and less 'forgiving' towards Web browsers that deny this. Who are they serving? Users? Sites? Or the CA cartel?

In the case of Kristall, it seems to boil down to a bug. But it's a very obnoxious one. The software does not seem to be very actively developed anymore (no commits since January), so we are guessing that a fix is not on the way.

The conclusion one can reach is that what used to be a simple protocol has been unnecessarily complicated. Developers too are struggling with this complexity, not just users. And they both suffer.

The Web is closing, it's getting locked down, and not in a positive way. ⬆

Nobody is "Replaced by AI", It's Just a Smokescreen for Jobs Being Eliminated by Lack of Money (Too Much Debt) and Offshoring: It's also why many make the jokes about the "I" in "AI" being "India" or "Indians"
The US Government is Now in the Business (Literally!) of Saving Microsoft and Intel: This means that President TACO/Cheeto now has greater financial incentive to also prop up Microsoft and Windows
The UEFI Restricted Boot 'Time Bomb' is About to Go Off in a Few Weeks: Garrett was the first person to face sanctions (like muting) in our IRC channels because of his abuse; worse yet, he hijacked other people's names and then locked them out of their own accounts
Should Currys PCWorld Start Voiding Warranties of Users of Vista 11?: If a person's laptop has a mechanical issue, should this person replace GNU/Linux with Vista 11 for the repair shop? Only to damage the SSD?
Newer is Not Always Better, and It's Possible That 'Peak' is the Past: People creating their own platforms means progress, whereas centralisation (like moving from blogs to social control media) is the opposite of progress
LLM Hype is Sowing Destruction: It Contributes to DDoS Attacks and Makes the Web Less Accessible (JavaScript "R U Human?" Tests): If it was googlebot, it would be possible to argue that you'd at least then get referral traffic from Google Search. With LLMs, all you get is plagiarised.
Links 24/08/2025: New York Times Talks About Hey Hi (AI) Bubble: Links for the day
Gemini Links 24/08/2025: Upgrading Debian and Mobile-indifferent Design: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, August 23, 2025: IRC logs for Saturday, August 23, 2025
Richard Stallman's Talk in Buenos Aires Scheduled for 16 November 2025 (a Month After FSF Turns 40): they've just updated their site and Stallman is listed first
Men Who Abuse Women Should Never Spend Over 3 Years of the UK High Court's Time: This demonstrates that we need a reform in the UK
Slopwatch: Linux Journal, WebProNews, LinuxSecurity, and the Serial Slopper: The bubble needs to burst, but even then the Web will be left with residues of these slopfarms
Links 23/08/2025: Science, War, and Important Win for the British Media Against SLAPPers Who Abuse Women: Links for the day
Gemini Links 23/08/2025: BaseLibre Numerical System and Back to Oldschool: Links for the day
"Deserved Victory" for "Women That Suffered": "GNM defended its reporting as being both true and in the public interest and in a judgment on Friday"
Links 23/08/2025: onmicrosoft.com as Spam Cannon, The Cheeto-Intel Deal Is Official: Links for the day
Wired Complained About LLM Slop Only Days Before It Got Caught Doing That Itself: Never throw stones in a glass house
IBM "Value" Down 14.16% in a Month, Red Hat Layoffs Allegedly Discussed 12 Days Ago: "IBM is a dinosaur. Dinosaurs get extinct when the don't keep up."
We're Seeing More Countries Where Windows Isn't Even in Second Place Anymore (Third or Worse): In a way, Microsoft can barely even hold onto second place anymore
Microsoft Workers on Canonical's Payroll: If you want something that's sort of like Ubuntu but is not controlled by Canonical, then look into Linux Mint, Debian, or LMDE
GNU/Linux Climbs to 4% in Sierra Leone: Sierra Leone isn't a very rich country (to say the least), but it's better off than some of its neighbours
The SLAPPS Run Out of Oxygen Because They're Abuse of Process: At the end of the day we plan to publish over 1,000 articles explaining what happened
The Register MS Gets Paid by the Employer of the Previous Editor in Chief to Promote the "AI" Ponzi Scheme, Which Does Considerable Damage to the Web and to Online Journalists: The Register MS can 'badmouth' slop all it wants; it gets paid to inflate this bubble. It's actively participating in it.
Soon It'll be Autumn, Time to Repair Things: Where they don't charge an arm and a leg
Doing Our Best to Cover Software Patents When the Mainstream Media Does Not: Even the FSF has its limits
Gemini Links 23/08/2025: August Questions and Network Solutions: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, August 22, 2025: IRC logs for Friday, August 22, 2025
Microsoft Has Issues in Guyana: It's not just Guyana
About 25% of the "Linux" News/Results in Google News Today Are LLM Slop, Almost 20% From the Same Rogue Operators of Slopfarms: Google, which tries to market itself as an LLM giant, apparently fails to understand what's wrong with it
Harassing People on Holiday: There are "no-go areas"; but that assumes all laws firms have ethical standards
The Great, Undeniable Value of Paper Trail, Not Purely Digital Systems: Suppose you have nothing but bits on someone else's computer and "word of mouth"...
The Company Behind Ars Technica, Reddit and Wired Caught Publishing LLM Slop (It Also Admits It Now): Condé Nast busted
Links 22/08/2025: Lagrange 1.18.8, Wired Magazine and Business Insider Caught Resorting to LLM Slop: Links for the day
This Saturday It's Gonna be 3.5 Years* Since Russia Invaded Ukraine. No Microsoft Protests Against Microsoft Having Provided Russia With Services.: Companies do not have consistent policies and enforcement of "corporate values" is somewhat of an egg salad
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants: Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
Links 22/08/2025: Cisco Layoffs, LA Times Says "AI Hype is Fading Fast": Links for the day
Gemini Links 22/08/2025: K for Kentucky and Caddy Versus LLM Slopbots: Links for the day
The "End Software Patents" Initiative of the FSF Explains "WHY [to] ABOLISH SOFTWARE PATENTS": We hope to cover patent-related issues more and more as the big anniversary of the FSF approaches
Freenode Sniffing: The grown-ups left the building
The Only Thing Worse Than Misinformation is Misinformation Sold to Everyone as "Intelligence": Misplaced trust is worse than none at all
The Register MS Now Openly Admits LLM Hype Does Damage, But It's Also Being Paid to Participate in the LLM Hype (With Paid 'Articles' and 'Webcasts' for Paying Advertisers): The Register MS gets paid to do this
End of the Smartphone Era? No.: Maybe the media should focus on producing accurate, factual news
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, August 21, 2025: IRC logs for Thursday, August 21, 2025
Enshittification of Airports, Airlines, and Airplanes: If people are willing to tolerate standard declines and enshittification (nowadays sold as "pivot to AI" or "replaced by AI" or "AI layoffs") they will pay for it some other way
Latest Is Not Greatest: The Case of "Foldable" Tech: don't be shamed into abandoning old things just because the "fashion industry" of Apple and Samsung tells you to
Airlines and Their Tricks That Only Work in the 'Digital Age': People sceptical of the direction technology has taken are not "Luddites"
Open Source Initiative (OSI), Which Became a Propaganda Front of Microsoft and "Hey Hi" (Hype, Misnomer), Wants You to Forget These Scandals: A lot of these issues won't be set aside until there's a resolution

A False Sense of Privacy and Safety is Ruining Otherwise Fine Browsers (Like Kristall)

Recent Techrights' Posts