Stefan Tilkov · Oct 16, 2017 · 5:15 AM UTC

Stefan Tilkov @stilkov

16 Oct 2017

I don’t use a VPN, even on public WiFi, because I don’t use any unsecured protocols (except for occasional public HTTP). Am I being naïve?

Alexander Köpke · Oct 16, 2017 · 5:39 AM UTC

Alexander Köpke @koepalex

16 Oct 2017

Some open WiFi system inject JS Content into your HTTPS via MITM. This is a „service“ to show time left in free WiFi... and obvious not safe

Jens Schauder · Oct 16, 2017 · 5:43 AM UTC

Jens Schauder @jensschauder

16 Oct 2017

Any resources how that works? To my understanding, this shouldn't be possible.

Alexander Köpke · Oct 16, 2017 · 5:48 AM UTC

Alexander Köpke @koepalex

16 Oct 2017

Private selfsigned wildcard cert on router, router is man in the middle, a lot of browser show cert error, but most people I saw don‘t care

Stefan Tilkov · Oct 16, 2017 · 6:08 AM UTC

Stefan Tilkov · Oct 16, 2017 · 6:08 AM UTC

Stefan Tilkov @stilkov

16 Oct 2017

Understood. I *do* care very much :)

Oct 16, 2017 · 6:08 AM UTC

Alexander Köpke · Oct 16, 2017 · 6:11 AM UTC

Alexander Köpke @koepalex

16 Oct 2017

And are you sure your e-mail clients and other apps/programs care as much as you do (cert pinning, no non SSL fallback...)?

Stefan Tilkov · Oct 16, 2017 · 6:15 AM UTC

Stefan Tilkov @stilkov

16 Oct 2017

I’m not, that’s why I’m asking :) My OS, messenger, mail, and browser are all mainstream and running the latest version.