undefined | Better HN

0 pointschime13y ago0 comments

If clearing the browser cache/cookies makes the browser forget about STS for each domain, then MITM attacker gets a lot more chances to intercept and attack. I don't have stats on how often average users clear their browsers but it is a fairly common troubleshooting step so most people are aware of it.

If clearing the browser cache/cookies does not make the browser forget about STS for each domain, then we got another way to maintain http://samy.pl/evercookie/

0 comments

2 comments · 1 top-level

icebraining13y ago· 1 in thread

The whole point of tracking cookies is to maintain some identifier. With STS you only get 1 bit, how do you identify them? All users who have visited the site since (now - STS expiration length) look the same.

LeafStorm13y ago

On the other hand, if the Chinese government finds out you have an HSTS flag for https://www.youversion.com/ or some such...

j / k navigate · click thread line to collapse