Major browsers to block some plain-HTTP downloads on HTTPS sites

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 9175
Joined: Sat Aug 03, 2013 5:45 pm

Major browsers to block some plain-HTTP downloads on HTTPS sites

Post by barbaz » Thu Apr 11, 2019 6:05 pm

https://www.zdnet.com/article/google-ch ... downloads/

Is this really a significant security advantage?

To me, this would only be an annoyance. I've only ever seen such downloads in legitimate contexts, e.g. Basilisk browser. And in the case of Basilisk, they have checksums on their HTTPS site, so a MitM wouldn't be able to tamper with the download without being noticed.
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
therube
Ambassador
Posts: 7425
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Post by therube » Fri Apr 12, 2019 4:01 pm

Well, that would be one way to put a dent in your competition, wouldn't it.
(Not that basilisk, or anyone out there, is competition to Google.)

Safer?

Less convenient, that is for sure.
Suppose you wanted to do something like download basilisk from within Chrome ;-).

It will force basilisk & all others out there, to essentially force https: everywhere.
(Someone should make an extension, & call it HTTPS everywhere.)

Suppose that if they've come up with this idea, they have their reasons for it.

I'm not thinking of anything offhand, why it would be "safer"?
I can download a mozilla browser over ftp. (Well, used to.)
Now is that "safer" then downloading it via https?

So long as you can verify authenticity... wouldn't care of it came from torrent or magnet or email or ... hand delivery.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5

chrispeddler
Posts: 3
Joined: Fri May 10, 2019 9:51 am

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Post by chrispeddler » Tue May 21, 2019 3:17 am

While Google Chrome makes their web world make it a safer place, yes, inconvenience would be the problem. You can opt for open source browsers like Mozilla instead.
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

barbaz
Senior Member
Posts: 9175
Joined: Sat Aug 03, 2013 5:45 pm

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Post by barbaz » Tue May 21, 2019 3:09 pm

chrispeddler, did you even read the article before posting here?
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply