12 votes

NeverSSL

7 comments

  1. [5]
    mynameisnotdoug
    Link
    It's this about getting to the captive portal page? I just use captive.apple.com.

    It's this about getting to the captive portal page?

    I just use captive.apple.com.

    3 votes
    1. [3]
      Chobbes
      Link Parent
      Yeah, I feel like the description on the neverssl.com page is really confusing in my opinion. Makes it seem like they're talking about tunneling your bank login through http or something. I just...

      Yeah, I feel like the description on the neverssl.com page is really confusing in my opinion. Makes it seem like they're talking about tunneling your bank login through http or something. I just enter the ip of the router, lol.

      4 votes
      1. [2]
        TheVulpecula
        Link Parent
        This post was really confusing, from the URL without context to the comment by OP, i had to take double take each time. Feels like a clumsy promotion.

        This post was really confusing, from the URL without context to the comment by OP, i had to take double take each time.

        Feels like a clumsy promotion.

        7 votes
        1. Chobbes
          Link Parent
          Yeah, thank god I'm not the only one. It took me an embarrassingly long time to understand what it was getting at... I was kind of screaming at the suggestion to use plain http for "login" and...

          Yeah, thank god I'm not the only one. It took me an embarrassingly long time to understand what it was getting at... I was kind of screaming at the suggestion to use plain http for "login" and "payment pages". I feel like somebody less tech savvy could really get the wrong idea from this.

          4 votes
    2. Greg
      Link Parent
      The venerable example.com also tends to work well for this. I used to like using purple.com, which came with the bonus that friends and family who needed tech support would think I was messing...

      The venerable example.com also tends to work well for this. I used to like using purple.com, which came with the bonus that friends and family who needed tech support would think I was messing with them and be doubly surprised when it actually worked, but eventually someone managed to buy it and put a proper https website on there.

      2 votes
  2. rkcr
    Link

    You should always use SSL and secure encryption when possible. In fact, it's such a bad idea that most websites are now using https by default.

    And that's great, but it also means that if you're relying on poorly-behaved wifi networks, it can be hard to get online. Secure browsers and websites using https make it impossible for those wifi networks to send you to a login or payment page. Basically, those networks can't tap into your connection just like attackers can't. Modern browsers are so good that they can remember when a website supports encryption and even if you type in the website name, they'll use https.

    2 votes