Stefan Tilkov · Oct 16, 2017 · 5:15 AM UTC

Stefan Tilkov @stilkov

16 Oct 2017

I don’t use a VPN, even on public WiFi, because I don’t use any unsecured protocols (except for occasional public HTTP). Am I being naïve?

Daniel 🖖 Schneller · Oct 16, 2017 · 6:34 AM UTC

Daniel 🖖 Schneller @dschneller

16 Oct 2017

TLS Man in the Middle attacks. Most apps won’t complain about injected certificates.

Stefan Tilkov · Oct 16, 2017 · 8:56 AM UTC

Stefan Tilkov · Oct 16, 2017 · 8:56 AM UTC

Stefan Tilkov @stilkov

16 Oct 2017

An app that doesn’t complain about invalid certificates has no business running on my machine

Oct 16, 2017 · 8:56 AM UTC

Daniel 🖖 Schneller · Oct 16, 2017 · 5:16 PM UTC

Daniel 🖖 Schneller @dschneller

16 Oct 2017

But do you know? IIRC someone recently posted that even Virus Scanners sometimes pull updates via HTTP in the background.