undefined | Better HN

0 pointsmvkg3y ago0 comments

You mirror Z-Library but don't support TLS on any of your sites. This seems like an odd choice. What is your threat model?

0 comments

primax3y ago

Probably 'I want to archive books'. Not 'I want end to end privacy for anyone clicking on my plain text site with a few torrent links.

chaxor3y ago

TLS doesn't matter / isn't needed here right? The IP address is still in the header from what I understand. So the only thing https can hide is the content, such as a credit card or password that you enter into the site. The fact that it's a plaintext website that doesn't change means that the exact same information is encoded in simply giving the IP address as there is in knowing that someone looked around the site - because there's nothing else to do? I would like to learn more about how I am wrong, if I am wrong.

cesarb3y ago

> So the only thing https can hide is the content, such as a credit card or password that you enter into the site.

TLS is not only for hiding the content, it's also for authentication: it ensures that no malicious middle party can modify the content, for instance to inject malicious Javascript (for an example of this happening, read about the "Great Cannon" attack on GitHub).

candreasen3y ago

It also hides what URLs you visited. Depending how the hosting is implemented, just being able to see the IP, or even the domain name, wouldn't show what you were doing, but if it's in plaintext, they can see exactly what pages were visited and files downloaded

j / k navigate · click thread line to collapse