Page 1 of 1

Major browsers to block some plain-HTTP downloads on HTTPS sites

Posted: Thu Apr 11, 2019 6:05 pm
by barbaz
https://www.zdnet.com/article/google-ch ... downloads/

Is this really a significant security advantage?

To me, this would only be an annoyance. I've only ever seen such downloads in legitimate contexts, e.g. Basilisk browser. And in the case of Basilisk, they have checksums on their HTTPS site, so a MitM wouldn't be able to tamper with the download without being noticed.

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Posted: Fri Apr 12, 2019 4:01 pm
by therube
Well, that would be one way to put a dent in your competition, wouldn't it.
(Not that basilisk, or anyone out there, is competition to Google.)

Safer?

Less convenient, that is for sure.
Suppose you wanted to do something like download basilisk from within Chrome ;-).

It will force basilisk & all others out there, to essentially force https: everywhere.
(Someone should make an extension, & call it HTTPS everywhere.)

Suppose that if they've come up with this idea, they have their reasons for it.

I'm not thinking of anything offhand, why it would be "safer"?
I can download a mozilla browser over ftp. (Well, used to.)
Now is that "safer" then downloading it via https?

So long as you can verify authenticity... wouldn't care of it came from torrent or magnet or email or ... hand delivery.

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Posted: Tue May 21, 2019 3:17 am
by chrispeddler
While Google Chrome makes their web world make it a safer place, yes, inconvenience would be the problem. You can opt for open source browsers like Mozilla instead.

Re: Major browsers to block some plain-HTTP downloads on HTTPS sites

Posted: Tue May 21, 2019 3:09 pm
by barbaz
chrispeddler, did you even read the article before posting here?