Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday August 23 2021, @11:59PM   Printer-friendly

https://therecord.media/firefox-follows-chrome-and-prepares-to-block-insecure-downloads/

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox.

Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel.

The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday August 25 2021, @11:03AM (1 child)

    by Anonymous Coward on Wednesday August 25 2021, @11:03AM (#1170767)

    >HTTPS does nothing to conceal which servers you are talking to and does nothing to conceal traffic patterns.

    This is via .onion, not via plain HTTPS.

  • (Score: 0) by Anonymous Coward on Friday August 27 2021, @09:39AM

    by Anonymous Coward on Friday August 27 2021, @09:39AM (#1171373)

    By only offering http, you force users to access your content in a manner that can be eavesdropped. Even Tor exposes the data to exit nodes.

    The stated threat model was not just exit nodes monitoring your connection. Without TOR at all, even HTTPS doesn't offer the security they claim. But even if that were the threat model, even exit nodes can still eavesdrop on your HTTPS package downloads and know what packages their users are downloading.