https://therecord.media/firefox-follows-chrome-and-prepares-to-block-insecure-downloads/
Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox.
Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel.
The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.
(Score: 0) by Anonymous Coward on Tuesday August 24 2021, @05:49PM (2 children)
Yes, and even if that were ambiguous most people will be downloading not just one package but rather a package and at least some of its dependencies, which taken together can be expected to accurately identify what packages you are requesting with very high confidence.
HTTPS does nothing to conceal which servers you are talking to and does nothing to conceal traffic patterns.
(Score: 0) by Anonymous Coward on Wednesday August 25 2021, @11:03AM (1 child)
>HTTPS does nothing to conceal which servers you are talking to and does nothing to conceal traffic patterns.
This is via .onion, not via plain HTTPS.
(Score: 0) by Anonymous Coward on Friday August 27 2021, @09:39AM
The stated threat model was not just exit nodes monitoring your connection. Without TOR at all, even HTTPS doesn't offer the security they claim. But even if that were the threat model, even exit nodes can still eavesdrop on your HTTPS package downloads and know what packages their users are downloading.