[Info-vax] Google's business model (was Re: forum.vmssoftware.com/)

Johann 'Myrkraverk' Oskarsson johann at myrkraverk.invalid
Wed Sep 27 21:30:11 EDT 2023 

On 9/12/2023 3:08 AM, gah4 wrote:
> On Monday, September 11, 2023 at 10:58:31 AM UTC-7, Simon Clubley wrote:
> 
> (snip)
> 
>> And when that happens (and it does sometimes happen), that issuer has just
>> committed suicide if it can be shown to be incompetence on the part of the
>> issuer. CAs have been dropped in the past from the major web browsers
>> because of this, but I can't remember the details.
> 
>> (Other possibilities include a nation-state attack with a vector the issuer
>> could not reasonably have been aware of).
> 
> This often enough happens when there isn't much trust needed.
> 
> If I want to download some documentation, so that no personal
> information is needed, why the security?

[I'm late in the game, but not so late a reply isn't worth it.]

The real reason for SSL everywhere is, putting my tinfoil hat on, to
make sure ISPs can't mess with Google's business model: sell ads.

People who've never experienced it, can't really imagine it, but HTML
injection used to be a thing, and ISPs would inject ads on pages their
customers browsed, possibly replacing the Google ads.

My own experience -- when I noticed it -- was rather benign: the cafe's
wifi bill hadn't been paid, and since I was browsing a http only website
at the time, I got the notification, and showed the staff.

Xah Lee has a screenshot on his website, of the problem in action.

   http://xahlee.info/w/china_ISP_ad_injection.html

And a link to Ars Technica article from 2013 on the subject.  Which is
coincidentally the same time frame letsencrypt started.  I remember
reading about letsencrypt in 2013 or so, but it wasn't ready yet, so I
couldn't use it for my own website at the time.

My personal take on it is this: it's much more believable that it's all
about Google's business model than end user security, but we're being
told it's about security, as a psyop.

[snip]

-- 
Johann | email: invalid -> com | www.myrkraverk.com/blog/
I'm not from the Internet, I just work there. | twitter: @myrkraverk

More information about the Info-vax mailing list