Computer security is NOT a product
At the time of writing I can’t access one of my favorite tech fora, which is the FreeBSD forum, because their certificate has expired. Seems somewhat sloppy indeed. However, what really upset me here was learning how my browser of choice (Opera) was now treating me like some sort of idiot.
It refused to give me access to the website because it deemed it “not private”. Which is not necessarily true because even an expired certificate can still be used for setting up an encrypted connection. But because the website opted for “HSTS” (which stands for HTTP Strict Transport Security) it is impossible to access it anymore because most major browsers have opted to remove the feature which allows us to override this.
Which I think is utterly stupid. In fact: I think this nonsense can easily have the opposite effect of what was intended. I believe we’re in a period where many people seem to have a complete misconception about what security actually is and how it is achieved and maintained.
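The HSTS behaviour described above, as an added example that is not part of the original post: a small Python model of how a browser that has remembered a site's HSTS policy treats a later certificate error (RFC 6797 gives the user no recourse in that case). The host names, dates and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class HstsPolicy:
    host: str                 # host that sent the header over a valid TLS connection
    expires: datetime         # time received + max-age
    include_subdomains: bool

def parse_hsts(host, header, received):
    """Parse a Strict-Transport-Security header value into a remembered policy."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None           # max-age is mandatory; without it the header is ignored
    return HstsPolicy(host.lower(), received + timedelta(seconds=max_age), include_sub)

def hsts_applies(policy, host, now):
    """True if the remembered policy is still live and covers this host."""
    if policy is None or now >= policy.expires:   # max-age=0 deletes the policy
        return False
    host = host.lower()
    return host == policy.host or (
        policy.include_subdomains and host.endswith("." + policy.host))

def on_cert_error(policy, host, now):
    """'hard-fail' = connection refused, no override; 'warn' = click-through offered."""
    return "hard-fail" if hsts_applies(policy, host, now) else "warn"

# Constructed scenario: policy learned on 1 Jan, certificate lapses months later.
FIRST_VISIT = datetime(2024, 1, 1, tzinfo=timezone.utc)
POLICY = parse_hsts("forum.example", "max-age=31536000; includeSubDomains", FIRST_VISIT)

if __name__ == "__main__":
    after_expiry = datetime(2024, 6, 2, tzinfo=timezone.utc)
    for h in ("forum.example", "www.forum.example", "otherforum.example"):
        print(h, on_cert_error(POLICY, h, after_expiry))
```

For a site operator the consequence is that once HSTS is enabled, a lapsed certificate is a full outage for returning visitors until it is renewed, so certificate expiry needs monitoring.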
The power of the Internet
So today when I checked up on my favorite news site I saw a story about a 9-year-old kid who maintained a blog about the food she and her schoolmates got served for lunch. And judging by the pictures of it, it didn’t really look that appealing to me. Just check out the article on The Register; here you’ll also find links pointing to the original blog itself.
And what did the school do? As could be expected, they focussed on trying to keep her quiet.
However, this time the Internet was involved…