Web Encryption is now FICTION. But there's LetsEncrypt...

  • Published 11 Jun 2024
  • Web encryption is now completely broken. Recent changes announced in the EU will now ensure that a man-in-the-middle will be commonplace and we will be made to think that encryption still exists. I will explain this serious issue that really makes our expectation of security and privacy on the internet be complete fiction.
    However it is not fiction when you go to websites powered by LetsEncrypt. Let's find out why.
    00:00 Intro
    02:55 Web Encryption is Broken
    06:06 But Wait...The Real Bad News
    09:14 History Will Now Repeat Itself
    10:58 LetsEncrypt. The Last Bastion of Trust
    13:27 LetsEncrypt Demo
    18:10 Summary
    I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN, antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the internet and the dangers of social media, dangers of email.
    I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
  • Science and technology

COMMENTS • 227

  • @daa3417 6 months ago +50

    Whenever someone says ‘stakeholder’ post 2019 you should hear ‘slavemaster’. That’s exactly what these people think they are, they believe they own you because you never lifted a finger to put a stop to their control freak insanity.

    • @yosefmacgruber1920 6 months ago

      If you got the jab, or were fooled into wearing a _doesn't-work-anyway_ face diaper that supposedly protects you from the control-ya-virus, then you have already consented that you do not own your own body? We already had a solution, and that was to trust God and your God-designed immune system to develop sufficient natural immunity, which already naturally happens with the colds and flu going around.
      I find it very bothersome how "educated" people on the Left, love to use "word salad" to try to confuse us into thinking that they are somehow smart and trust-worthy. Yet they do not appear to represent the interests of the common people, but rather some evil collective control freak mentality. I want to hear stuff that actually makes sense, not BS decorated by fancy "word salad". Terms like "stakeholder", "sustainable", "climate change" should be obvious cues that they are lying to you. Fear-mongering much?

    • @narcissismisadisease 6 months ago +3

      Your alternative is to believe in invisible sky man who can't be found during the worst of human suffering.

    • @yosefmacgruber1920 6 months ago

      @narcissismisadisease
      Is that all that you have? Make fun of people's religious beliefs?
      Sad that the evil Left has infiltrated much of our institutions, such that we can hardly trust what any of them say.

    • @k.chriscaldwell4141 6 months ago +1

      Yup.

    • @denissorn 6 months ago +1

      it's not how the term is used. WEF or stakeholder capitalism 'stakeholder' is literally like almost everyone. E.g. if you're paying YT Premium, you are a stakeholder (because you're a customer) of YT/Google lol. That's the bs con of course, and the part of the narrative where companies and governments (PPP) are the good guys, because they need/have to be, because they should be good and work for the people blah, blah.

  • @WunderOps 6 months ago +34

    Lord bless you Rob. Thank you for all you are doing. Someday, we will master this beast known as the internet because of work like yours!

    • @psy237 6 months ago

      dream on lol...

  • @kentaviousaurelius 6 months ago +9

    It was never broken, it was by design.

    • @CD-vb9fi 6 months ago

      Bingo.... "by design" is what it is.

  • @edbotwinik7185 6 months ago +8

    I'm not sure how Let's Encrypt can avoid being ordered to give up certificates or any cooperation requested under the Patriot Act simply because they have a physical location in the United States.

    • @AndroidFerret 5 months ago

      They can't.

    • @greenftechn 5 months ago

      If the government does this, LE will let you know.

    • @user-qv6ud2hx6f 5 months ago

      @greenftechn FBI always receives a court order prohibiting the company from informing anyone of anything.

  • @ZappyOh 6 months ago +34

    The real question is:
    Why does humanity allow, expect even, intelligent psychopaths in powerful positions?
    Solve that, and everything else follows automatically.

    • @jebediahkerman8245 6 months ago +9

      Cult of personality: if person look good and sound good, then they're good.

    • @robbraxmantech 6 months ago +33

      My job is to teach you all that there are psychopaths in powerful positions and that you should vote them out. Instead of just accepting things like sheep.

    • @ZappyOh 6 months ago +4

      @robbraxmantech I get that.
      But, the fact that nobody is focusing on the root problem, but rather on a multitude of offspring problems, like internet privacy, is obfuscating and debilitating. Spreading our labor thin.

    • @ZappyOh 6 months ago

      @elinope4745 Well ... isn't that precisely how an intelligent psychopath would frame the problem?
      I would argue, that almost everything we think we know, about hierarchy and leadership is contaminated by generations of intelligent psychopaths' relentless shaping and institutionalizing of their own special view on the matter.
      Humanity is herded by its own, naturally born, minute minority of intelligent dark triad personalities. It isn't what 99% actually want, and we need it to stop, or die trying.
      It is about time the rest of us, took up the gauntlet ... but our problem is focus. We lack focus.

    • @yosefmacgruber1920 6 months ago

      Well that is a reason why I hardly watch TV anymore. The liar TV just can not seem to tell the truth. Why do they adorn Zombie ByeDone with the title "President", when he never led anything but corruption and bribe-taking, and he lost the election? So why then should I believe anything else that the fake-news says, when they can't even get such obvious things right? I notice that people on the Right tend to strip away the fake title. Well at least that is a start to getting to a world that better discerns the truth.

  • @justindressler5992 6 months ago +8

    It's by design the system of trust assumes trust is implied. I had a project a while ago where I needed to debug the communication between a proprietary Android app and an API server hosted by a third party. I installed my own generated certificate authority into Android, set up a router that intercepted DNS requests and provided my proxy server as the domain of the host API. I then signed my proxy server certificate with my certificate authority allowing my proxy to look like the target API server. This is actually easy if you know how. Again this system is designed to be flawed to support spying. Most certificate authorities are registered and operated out of the US. Haven't people wondered how the US can intercept emails or bank transfers? Or how Apple phones can be decrypted? Public private key security is only secure if you trust the authority.

  • @treesaremadeofwood2145 6 months ago +8

    People need to have their own cypher pads that are interchangeable and regularly cycled so that one time cyphers make the government's attempts mathematically impossible to crack hence why they still use one time cypher pads with international ham radio transmissions, they can assert whatever they want and as long as the cypher pads and the cypher key can be dissolved immediately or immediately lit they haven't got a damn thing and they could have the coded message with a text and still can't prove or crack a damn thing. People use encryption, make your own keys, cypher pads and be ready to destroy at any point, privacy only dies when we accept it as dead. School mathematics makes it where the individuals and masses can take that back and stick it back up at the governments.

    • @robbraxmantech 6 months ago +6

      Web encryption is controlled by the browser. Not you.

  • @redted4661 6 months ago +5

    1984 is NOW!

  • @gerowen 5 months ago +1

    Been using Let's Encrypt/certbot for my Nextcloud's TLS certificate for years now. It's awesome that it's one of those "set it and forget it" kind of things where once it's configured, it just does its own thing and you don't have to mess with it. One thing I did change was I went into the certbot config for my domain and changed key_type from RSA to ECDSA to get elliptic curve encryption instead of RSA.

  • @test-rj2vl 6 months ago +2

    As soon as I saw the heading "But Wait...The Real Bad News" I knew it was about EU even before I started to listen to this part.

  • @MO-ss7qt 6 months ago +7

    Man, I wish all this had surprised me. PKI certificate fraud is big news to me. But I can't say it surprised me.

  • @miaudottk9080 6 months ago +9

    I just wanted to point out that even LetsEncrypt can be compelled by a government to give out their keys, so I see no reason to care about their domain cert issuing methodology.
    What can work though would be the option to distrust certs issued by authorities from certain countries like i.e. N Korea, Iran, USA, Russia or China.

    • @robbraxmantech 6 months ago +6

      as the video explains, the EU will compel Browsers to insert their root certs. So that means any fake cert issued by those governments will always work. LetsEncrypt is founded by EFF, the entity promoting our privacy.

    • @evilballer 6 months ago +9

      Haha, you sound funny. You propose to distrust China, Iran, Russia etc. but for some reason you don't propose to distrust US, EU etc.

    • @yosefmacgruber1920 6 months ago

      @evilballer
      Governments and politicians lie to the people all the time. Look at how many people they duped into getting the unnecessary and rushed and unsafe jab. Makes the entire medical industry look tainted, but did we have much reason to trust them before that? BTW, wasn't 9-11 an inside job, and the manned moon landings possibly faked? Government deception much?

    • @TheJacklikesvideos 6 months ago +2

      @evilballer haha, you sound funny. the video is about the EU, making it redundant to list them in comment; and mentions the US, despite your reading comprehension, or lack thereof.

    • @miaudottk9080 6 months ago

      @evilballer Nope. Just being able to choose not to trust certs I'll be highly unlikely to ever need.

  • @user-rf7tz7pg8h 6 months ago +4

    There is a need for the emergence of a global freedom movement! It would be terrific if all the privacy organizations and pillars of free speech (such as you are) could be united under an umbrella! I observed that most people have absolutely no clue of these things..

    • @elinope4745 6 months ago

      The vast majority of people have this or that special interest that they don't want freedom in. This keeps freedom movements, as they necessarily contain things that various people do not want. Freedom contains the icky and contains the shady and contains the dishonest. Freedom is both creepy and libelous.

  • @AshGreen359 6 months ago +1

    There is a story about a guy who got contracted by the ATF because he looked at a forced reset trigger on gunbroker

  • @cexeodus 6 months ago +1

    a series on old outdated certificates or one as an addition to this series is needed too rob if you have time to check that out.

  • @oasismike2905 6 months ago +2

    Thanks, again, Rob! And, thanks for leaving a moment at the end to click, "like."

  • @TS-qd2uj 6 months ago

    Thank you Rob for keeping us aware of our surroundings!

  • @timgoeke253 6 months ago +4

    Rob thanks for the great video. Since LetsEncrypt has a copy of the certs, do you think they are probably compromised? Secondly I'd like to see proof that certbot doesn't ship the certs off somewhere. I think the only safe option is self signed certs.

    • @robbraxmantech 6 months ago +4

      LetsEncrypt should not have a copy of your private key. Only your public key

  • @lordofelectrons4513 6 months ago +2

    Thanks Rob excellent as usual. One question how and where do I look to find a web site's certificate to discover its origin?

    • @hanszimmer8712 6 months ago

      Hit F12 in your browser while on the website you want to inspect. Then go to the security tab and click "View Certificate"

    • @robbraxmantech 6 months ago +1

      In my video, I clicked on the icon before the URL which appears as a locked sign on chrome but has some circuit looking symbol on brave.

  • @thorn3377 6 months ago

    I am having an issue with certain multi-player games that host on a local machine needing a fixed IP. My Starlink uses a "floating IP" and causes problems with this. Does your VPN provide "fixed IP"?

  • @ventura1957 6 months ago +1

    There is one piece in this puzzle that needs to be better explained: the DNS. To impersonate a domain to create the mitm the DNS must be also controlled. I am not denying what you are saying, I am pretty confident that you are right about current number of root authorities and that is probably to facilitate government surveillance.

    • @robbraxmantech 6 months ago +2

      It is not necessary to always control DNS but this video discusses that with a Kazakhstan example. I will actually focus on that further in a future video.

    • @ventura1957 6 months ago

      @robbraxmantech Yes. I would like to see the video you are talking about here. You are the first person to bring this issue about root certificates to the public. I was thinking about the implications and it's HUGE! Your channel is the only one configured the bell notification.

  • @ahammer7000 6 months ago +2

    ROB when are you going to review the COPA vs Wright trial coming up this jan 15? I am wondering why you don't speak about it, since you are so up to date on everything else in the computer science industry.

    • @robbraxmantech 6 months ago +1

      No I am not up to date on that. But since you bring it up, I will start looking

    • @robbraxmantech 6 months ago +1

      In any case, I just looked and I deliberately do not discuss crypto on this channel as it makes me a target.

    • @alterculture 6 months ago

      @robbraxmantech Even now with Larry Fink and all the other titans talking pro crypto all over corp media? It seems like your comment about 2G, that discussing crypto in the past would have made you a target but no longer.

    • @ahammer7000 6 months ago +1

      @robbraxmantech Do you realize who COPA actually is?

  • @radornkeldam 6 months ago

    You think small open source browsers will be affected too?
    I don't use chrome, firefox, opera, even brave or any "major" thing. Will these be forced to include the dang eurocerts?
    Do I need to learn coding and how to compile my own stuff now?

    • @nescius2 4 months ago

      you need to learn about the certificate authorities you have trust in - like the infamous Hong Kong post office..
      there often is a system package containing certificates in which your browser's package guy/gal set its trust in.

  • @cyleleghorn246 6 months ago +5

    I love letsencrypt! Also, I might be the first comment for once

  • @onedreamghoul159 6 months ago

    Interesting how about Pale Moon browser and other minor segment open code browsers frequently used in Linux distros... how they will be affected by such EU laws?

  • @deloller2452 6 months ago +1

    Can someone tell me what this law he’s mentioning is called? Was it already voted? I can’t find any news about it

  • @mjmeans7983 6 months ago +2

    And if there is now only one major player from EFF providing private PK, what makes you think that all governments wouldn't focus their attention on cracking or social engineering of a single target company to reveal the PK? And what makes you think that this hasn't already happened?

    • @robbraxmantech 6 months ago +3

      anything is possible. But at least LetsEncrypt will not be a source of fake certs.

    • @NorthernChimp 6 months ago

      @robbraxmantech Is it possible to multiply Let'sEncrypt independent clones and kin so none is irreplaceable?

  • @Flomo112 6 months ago

    Do you think that those keys for let’s encrypt keys cannot be stolen?

  • @mightybing 6 months ago +2

    Using nginx proxy manager it's even easier to get a letsencrypt cert automatically from the web interface.

  • @quillonri 6 months ago

    Thank you for this. It was incredibly helpful!

  • @transparent1608 6 months ago

    one of the major sponsors/ funders is Chrome Google. If it’s truly private now….for how long?

  • @evilballer 6 months ago

    Now I see, you suggest to check the chain of certs and if the root certificate is issued by government for a website of an opposing to government public figure it should raise suspicions

    • @robbraxmantech 6 months ago +3

      You are understanding. But let me complete the story. Doesn't have to be opposing. If the govt backed certificate is for an unrelated website then obviously there's a man in the middle. If you see a Google certificate for a non-Google site, same thing. Microsoft cert for a non microsoft site, and so on. Mass surveillance doesn't require opposition it's just general collection of everyone's data.

  • @nickplays2022 5 months ago

    I don’t really get it how exactly a root certificate can enable eavesdropping by itself? I can assume that it would also involve DNS spoofing?

  • @-AndAllThatJazz.. 6 months ago

    This is (and your themes in general) absolutely Priceless not just to general public, but even more so to people that feel (by lack of life study and experience) themselves as some sort of misplaced informatic neanderthals (meself included).

  • @genralit16 6 months ago +1

    If the browsers implemented checking the CT (Certificate Transparency) logs and the CAA (Certification Authority Authorization) record it would dramatically reduce this issue.

    • @CD-vb9fi 6 months ago +1

      Unfortunately no, that will not resolve the problem. Revocation would only occur after the "risk" for a compromise cert "got bad enough" to revoke one... which means by that time it is too late. The problem Rob is talking about is literally the entire problem of "trust" from its inception. You are essentially paying a "gang" to keep you safe. Only you are not safe, anyone that has stolen that gang's "keys" by making copies or compromised their "keys" then you are only paying for no security.
      I would even challenge that "Lets Encrypt" is safe enough. People should only use "self signed" certs with a cert that is "publicly" published thumbprint. Nothing should ever be trusted 'out of the gate'. Trusting should always be a "manual process" initially. Once you have established a "manual" trust (example... using your eyeballs to confirm the thumbprints) then you can allow that certificate to reside in your "trusted store".

    • @genralit16 6 months ago

      @CD-vb9fi CT Logs and CAA records have nothing to do with revocation. The CA/Browser Forum can kinda revoke roots.
      Sounds like certificate pinning.

    • @CD-vb9fi 6 months ago

      @genralit16 Endpoints don't check CAA, the Issuers do that. The browser might revoke roots but that is per browser. Endpoints only check 'revocation' if they are told to do so which is why I said nothing you mentioned will resolve the problem.
      If we did start getting endpoints to start checking CAA then there would be a large number of failures happen when a registrar changes or a DNS record becomes poisoned... it happens. The internet is pretty insecure and even if we thought of a good way to get endpoints to start using CAA or the CT Logs it does not solve the problem of a compromised certificate which is the exact problem being discussed in the video. It really does not matter "who" issues a certificate. If the signer is trusted... it's going to work provided the usage is in context.
      I mean... there is a reason why Commercial PKI is a complete scam after all. Only revocation has a snowball's chance in hell of providing some remediation but I have already gone over why that too is just a pipe dream.
      Unless an "Active" clearing house is online authenticating certificates every time a connection is established... it's compromised.
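
Added example (not part of any comment above, and not code from Let's Encrypt or any other CA): the thread above turns on who evaluates CAA records. This sketch follows the RFC 8659 lookup that an issuing CA runs before signing, over a constructed in-memory zone; every domain name and CA identifier in it is a made-up assumption, and DNS resolution itself (CNAMEs, DNSSEC) is not modelled.

```python
"""CAA evaluation as an issuing CA performs it (RFC 8659), over constructed data."""
from typing import NamedTuple


class CAA(NamedTuple):
    flags: int   # bit 128 is the issuer-critical flag
    tag: str     # "issue", "issuewild", "iodef", ...
    value: str


# Constructed zone data: hypothetical names under reserved TLDs, not real records.
ZONE = {
    "shop.test": [
        CAA(0, "issue", "ca-one.example"),
        CAA(0, "iodef", "mailto:security@shop.test"),
    ],
    "static.shop.test": [
        CAA(0, "issue", "ca-two.example; validationmethods=dns-01"),
        CAA(0, "issuewild", ";"),          # no CA may issue wildcards here
    ],
    "locked.test": [CAA(0, "issue", ";")],  # no CA may issue at all
    "future.test": [
        CAA(128, "newtag", "x"),            # critical tag this CA does not understand
        CAA(0, "issue", "ca-one.example"),
    ],
    "notes.test": [CAA(0, "iodef", "mailto:hostmaster@notes.test")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(fqdn, zone):
    """Climb from the FQDN towards the root; the first non-empty CAA set wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def issuer_domain(value):
    """Drop parameters after ';'. An empty result means 'no issuer is allowed'."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca_id, requested_name, zone=ZONE):
    """Return (allowed, reason) for a CA identified by ca_id and a requested name."""
    wildcard = requested_name.startswith("*.")
    fqdn = requested_name[2:] if wildcard else requested_name
    source, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, "no CAA records up the tree: any CA may issue"

    # A critical property the CA does not understand blocks issuance outright.
    for rr in rrset:
        if rr.flags & 128 and rr.tag.lower() not in KNOWN_TAGS:
            return False, f"critical unknown tag '{rr.tag}' at {source}"

    issue = [rr for rr in rrset if rr.tag.lower() == "issue"]
    issuewild = [rr for rr in rrset if rr.tag.lower() == "issuewild"]
    # For wildcard requests, issuewild (when present) replaces issue entirely;
    # for ordinary names, issuewild is ignored.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True, f"CAA at {source} carries no issuance restriction"

    allowed = {d for d in (issuer_domain(rr.value) for rr in applicable) if d}
    if ca_id.lower() in allowed:
        return True, f"{ca_id} is authorized by CAA at {source}"
    return False, f"{ca_id} is not authorized by CAA at {source}"


if __name__ == "__main__":
    for ca, name in [
        ("ca-one.example", "www.shop.test"),
        ("ca-two.example", "www.shop.test"),
        ("ca-two.example", "*.static.shop.test"),
        ("ca-one.example", "future.test"),
        ("ca-one.example", "unlisted.test"),
    ]:
        print(f"{ca:16} {name:22} -> {may_issue(ca, name)}")
```

The check constrains only a CA that actually runs it before signing; a client validating the finished certificate does not repeat this lookup.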

  • @aguiremedia 6 months ago

    Thanks!!! Great video!!

  • @shinmentakez0 6 months ago

    Does anyone know how to bypass YouTube ads? Brave doesn’t anymore

  • @exit281 6 months ago

    what if I take all certificates in the browser as untrustworthy ???

  • @valryflores3569 27 days ago

    Hi sir, I still don't know how to use a computer but I see all technology in the whole environment. Anyway, I like your videos and you explain all communication like the most coolest

  • @qbraun9241 6 months ago +9

    I wonder if privacy experts could code an app or automation that could somehow ring fence the cert, so it could be there legally, but not functionally?
    I figure they probably have something in the law that talks about tampering, or technically disabling?

    • @robbraxmantech 6 months ago +11

      As I said in the video "distrusting a cert" would be a violation of their laws. That's their plan and it would target the browser maker (Google, Apple, Microsoft) so that would in theory incentivize big tech to prevent workarounds. This is for the EU law only. Unfortunately, there are other circumstances where private keys could be compromised already.

    • @qbraun9241 6 months ago +2

      @robbraxmantech I was thinking a workaround that lets it be active, but not functionally as well as it could.

    • @robbraxmantech 6 months ago +11

      There is a way! You could create your own root certificate, then create fake certificates of your own, then redirect the traffic to a trusted portal. The only question is the trusted portal. But the real answer is to be answered in a video coming up which is a redesign (my own idea) of the PKI

    • @AKuTepion 6 months ago +2

      How about displaying a warning instead of the green lock? The certificate is there and it works, but the user is informed that the communication might not be private.

  • @scocassovegetus 6 months ago +1

    LetsEncrypt can be bought out just as the others were. LetsEncrypt is not uncorruptible. No?

  • @bricks-mortar 6 months ago

    Rob's thing is "privacy". My thing is a hatred of "noreply" emails. They talk at me, I can't respond.

  • @2117david 3 months ago

    Thank you

  • @donatospoony 6 months ago

    Should make this video…. “Why YouTube Platform works so Flawless”

  • @evilballer 6 months ago

    Shouldn’t Let's Encrypt certificates be signed (issued by) by a CA trusted by browsers and OS? Otherwise they won't work

    • @robbraxmantech 6 months ago +1

      Perhaps you're not understanding something here. LetsEncrypt is the CA

    • @evilballer 6 months ago

      @robbraxmantech perhaps you didn't understand my question. As far as I know Let's Encrypt certificates are signed by DST Root CA X3 certificate. In order to have certificates working and trusted they should be signed by a trusted root certificate which is trusted by browsers and operating systems. Otherwise they are no better than self signed certificates. Thus, those who issued a certificate for Let's Encrypt can also revoke it. For safety between a front end and back end self signed certificate is preferable. Moreover, you stated if I'm not mistaken that those who issued certificates can decrypt traffic and read its content. Does it mean the root CA who issued a certificate for Let's Encrypt can also decrypt traffic? I doubt. Correct me if I'm wrong or explain more clearly why Let's Encrypt certificates issued by a root CA which I personally don't trust is better than a certificate issued by mentioned EU root CA

    • @robbraxmantech 6 months ago +1

      The actual website certificate is signed by LetsEncrypt. Which is cross checked against LetsEncrypt CA. Up the chain then, someone can validate if LetsEncrypt is valid so they go to X3. But X3 didn't issue the cert for the website. X3 can only validate LetsEncrypt. Thus having the "private key" on X3 doesn't validate the website without changing the CA from LetsEncrypt to someone else. Meaning you can't do it without leaving a trace. So my explanation still stands. If the cert is LetsEncrypt then the only possible threat is if LetsEncrypt passed their own private key as a CA.

  • @SteveFulemule 6 months ago

    Thanks!

  • @CD-vb9fi 6 months ago +4

    The Comodo compromise was more than proof that 3rd party trust is complete bunk. I have told people since the first Commercial CA was put online that it was all a scam. Massive amounts of money has been given for these Public Certificates for nothing more than to say..."trust me bro".

  • @gregmark1688 5 months ago

    So what's wrong with Tor?

  • @imabee_ 6 months ago

    I've thought that Root CA's have been compromised for years.

  • @FlyinZX10R 6 months ago +1

    Would using a VPN protect your web traffic from being read?
    I just saw that you offer a VPN service :)

    • @robbraxmantech 6 months ago +3

      VPNs encrypt traffic between you and the VPN server. The limitation is that a VPN doesn't control what is seen past the VPN server. However aside from this, a VPN hides your IP address which is its most important function since it identifies you

  • @dansw0rkshop 6 months ago

    But how do we know Let's Encrypt is honest and not part of the backdoor spyware?

    • @robbraxmantech 6 months ago +5

      The only possible threat is if LetsEncrypt handed their private key to the govt. However, LetsEncrypt is run by EFF which has lawyers fighting the govt on issues like this so I do hope they're the last one to do this. But aside from the private key threat, the idea of fake certificates would at least not occur.

  • @raughboy188 1 month ago

    EU announces many things but they don't always come to be and root certificate I am not sure that it will pass.

  • @joellandry2406 6 months ago

    I’ve been laughing at the encryption brow for years lol.

  • @Elemblue2 6 months ago

    hmmm... it seems like it's getting to be time to bail on this whole system, and pick up a totally different one.
    Just like it was time to bail on Apple 10 years ago.

  • @obudaifourty9 6 months ago

    As usual, a great video tutorial warning message about our personal security ONLINE. Thanks for making and sharing 🙂

  • @basspig 6 months ago +1

    I'm going to give you a piece of wisdom. Governments can only function if you pay taxes.

    • @andrewgrosset9327 6 months ago

      However they stop functioning when they spend far more than taxation brings in unless they borrow to match the difference or print money or both as is happening in all the "5 eyes" countries, and then the "functioning" can only last so long until the country's currency implodes (becomes worthless).

  • @2117david 3 months ago

    All that is hidden will be revealed. The Universe.

  • @joellandry2406 6 months ago +1

    I’ve been laughing at the encryption bros for years lol.

  • @nomadhgnis9425 6 months ago +2

    so are you saying that the tor protocol is compromised because it uses CA's as the basis for its encryption layer.

    • @robbraxmantech 6 months ago +1

      inaccurate. This has nothing to do with the TOR segment. All traffic, including TOR traffic eventually exits as standard HTTP or HTTPS.

    • @nomadhgnis9425 6 months ago +1

      @robbraxmantech I am talking about the tor nodes that build the circuits using ssl certs.

    • @robbraxmantech 6 months ago +2

      What I'm talking about relates to fake certificates which validate false identities. The TLS encryption itself is not broken by this. It is my understanding that the TOR circuit is a closed loop, meaning it doesn't rely on an external DNS for circuit information. So there should be no opportunity to spoof a fake TOR server with a fake certificate. In theory, even self-signed certificates would work fine. But I'm guessing on that since I never researched the internals of how certs are managed in TOR.

    • @nomadhgnis9425
      @nomadhgnis9425 6 months ago +1

      @robbraxmantech The reason I asked this was because years ago I was attempting to write the Tor client library in assembly language and ran into many issues with SSL and certs. It is complicated. I abandoned the project.

    • @robbraxmantech
      @robbraxmantech 6 months ago +4

      I think you'd have to use open source libraries for TLS. It would be hard to keep up with that with Assembly or even C. TLS, the encryption scheme, isn't broken though. Just the trust layer. So if that trust layer is not used (such as with self-signed certs), then TLS should still be fine. In another video, I will propose a change to this trust layer of the PKI.

  • @VanceAnce
    @VanceAnce 6 months ago +2

    Sadly people are the root ... nowadays they accept everything like in medieval times, "we can't do a thing against the bad sheriff", and are waiting for a modern Robin Hood ... xD

  • @jeremiahbullfrog9288
    @jeremiahbullfrog9288 6 months ago

    "You basically install and run their software on your server...." -- what could possibly go wrong?

    • @robbraxmantech
      @robbraxmantech 6 months ago +1

      In case you didn't know, on Linux, if software is installed by a repository like APT, it is in source code form when provided so this doesn't come from a private source.

    • @jeremiahbullfrog9288
      @jeremiahbullfrog9288 6 months ago

      @robbraxmantech Good point, thanks... I'm used to the disturbing trend of people piping curl responses into 'sudo bash' with no idea of what it's doing.

  • @TheTubejunky
    @TheTubejunky 6 months ago

    Or Tor?

  • @OcteractSG
    @OcteractSG 6 months ago

    Suddenly the people calling out Cloudflare sound reasonable.

  • @scocassovegetus
    @scocassovegetus 6 months ago

    Interestingly, look at this site's certificate. Google is its own certificate authority.

  • @eleven937
    @eleven937 6 months ago

    Just installed the certificate and saw this.

  • @TheTubejunky
    @TheTubejunky 6 months ago

    So isn't this considered ESPIONAGE? The Govs can be spied on also!

  • @jebediahkerman8245
    @jebediahkerman8245 6 months ago

    Rob, your description could use some citations.

    • @robbraxmantech
      @robbraxmantech 6 months ago +6

      Thank you for your comment. Just to be clear, I do not write term papers. Consider my statements as a canary in a coal mine; they should serve as initiators of independent research for those interested.

  • @sesolar5854
    @sesolar5854 6 months ago +3

    Unfortunately it was only a matter of time!

  • @tenij000
    @tenij000 6 months ago

    Always use some game like Minecraft: make a private server, use blocks with letters on them, then move your char to speak to each other.

  • @mwngw
    @mwngw 6 months ago

    Is it true or false that disabling the 2G cell network setting on your Android can prevent a Man in the Middle?

    • @robbraxmantech
      @robbraxmantech 6 months ago +4

      This is so false. This relates to supposed protection from Stingray. Back in the day, yes. Today? No.

  • @BlueBeeMCMLXI
    @BlueBeeMCMLXI 6 months ago

    I had heard that your bunker had been hit by a jetliner. But no. Best wishes. Merry Christmas. Mass surveillance is another term for Marketing. It's all marketing - from objects to ideas, from actions to beliefs. So .. fix the PKI. Change it.

  • @MrDemonous
    @MrDemonous 6 months ago +1

    I think you misunderstand how PKI and SSL/TLS work.

  • @MerkDolf
    @MerkDolf 6 months ago

    😄 👍 👌 🎉

  • @georgedereck6525
    @georgedereck6525 6 months ago

    How is it then that web commerce, web banking, credit cards, etc. are still safe to use? Wouldn't there be massive credit card fraud if it was easy to intercept the traffic?

    • @robbraxmantech
      @robbraxmantech 6 months ago +3

      At the moment, this threat is controlled by governments. Not hackers.

    • @georgedereck6525
      @georgedereck6525 6 months ago +1

      @robbraxmantech How was LetsEncrypt created? Who is behind it? Who is paying the bills? Apparently it's not government controlled. I don't really grasp the issue very well.

    • @robbraxmantech
      @robbraxmantech 6 months ago +3

      I gave the history in the video. It was founded by the Electronic Frontier Foundation (EFF).

    • @yosefmacgruber1920
      @yosefmacgruber1920 6 months ago

      If the re-election of Current President Trump was so easily stolen by the Democrats, shouldn't it lead us to wonder just how safe are our bank accounts?

    • @georgedereck6525
      @georgedereck6525 6 months ago

      @robbraxmantech Looks good. Squeaky clean. If something is squeaky clean it's either squeaky clean or it's a cover. Trust doesn't work as a safety measure.

  • @Chris-od1ev
    @Chris-od1ev 3 months ago

    If it's in the air it's free

  • @andrewsoldan6050
    @andrewsoldan6050 6 months ago

    I see time to exit EU as soon as possible...

  • @radornkeldam
    @radornkeldam 6 months ago

    It always sounded fishy to me, and frankly annoying, that we just HAD TO HAVE all this certificate nonsense just to have encrypted web traffic.
    Half or more of you reading will probably disregard me as a conspiracy nut for saying this, but I don't think this is a case of governments and whatnot finding a way to take advantage of an existing infrastructure that wasn't meant to do what they now want to do with it. Rather, as with so many other things, I'm more inclined to believe that this was the point from the beginning, no matter how it was spun at the time it was done, or what those involved were led to think about it.
    At some point the money and the influences will become evident, if they haven't already.

  • @serenditymuse
    @serenditymuse 6 months ago +2

    Wait a sec. If EU and others give themselves the right to do root certificates and try to make it illegal to remove them then isn't it completely irrelevant who issued your certificate? From your other videos such a bad actor can MITM all the traffic. Am I missing something? Isn't the real solution to remove these middlemen entirely and go with something decentralized and provably trustworthy like having DNS and public key stuff on blockchain with only the owner having, say, the proper NFT token to be able to change the information?

    • @NorthernChimp
      @NorthernChimp 6 months ago

      I think so too. But I don't know how easy it would be to start this as a niche before outgrowing the PKI, since websites need the browser's trust. I understand Rob is planning a video about how he would change the PKI, so I'm waiting for that.

  • @American_Moon_at_Odysee_com
    @American_Moon_at_Odysee_com 6 months ago

    Po, I lov ya, but the 3 letters are inside everything. When you and I grew up, all the lola and neighbors knew everyone's gossip and secrets. At one time in Europe, the church knew all the confessional inside gossip and secrets. It's really no different today. Government represents "society." The public is not told but they solve much crime simply spying on everything and knowing where the bad is and who is doing it. And they do bad. This is just life. Don't let it make you crazy.

  • @etziowingeler3173
    @etziowingeler3173 5 months ago

    It mustn't continue like that. There are NGOs etc people should support and/or even engage in political work, otherwise it will get worse and worse

  • @borisvokladski5844
    @borisvokladski5844 6 months ago

    Before I saw this video: Website owners who use Let's Encrypt certificates are lazy and cheapskates (don't want to spend $100+ each year on a "real" certificate from a "trusted" provider out of a $10,000 - $ million IT budget). It should only be hobbyists and very small businesses who use Let's Encrypt for their hobby projects or a small web blog.
    After I saw this video: Website owners who use Let's Encrypt certificates are privacy life savers. ***** all other website owners who use certificates other than Let's Encrypt.

  • @user-zt9yj5tv4j
    @user-zt9yj5tv4j 6 months ago

    👮👮‍♂👮‍♀🚔🚨

  • @speedibusrex
    @speedibusrex 6 months ago

    The EU must go.

  • @VaporheadATC
    @VaporheadATC 6 months ago +3

    This is what happens when the folks who make law have absolutely no idea what any of this stuff means.

    • @NorthernChimp
      @NorthernChimp 6 months ago

      This is probably what the real problem is, seeing that the same ones have recently voted for some rather better measures like the anti-gatekeepers thing. Influenceable persons become living battlegrounds.

  • @evilballer
    @evilballer 6 months ago +1

    OK, looks like the EU will oblige everyone in Europe to issue certs using their root CA so you never know if you've been spoofed or your traffic is decrypted and monitored. This is for the sake of peace and freedom I guess 😂

  • @ArtOfHealth
    @ArtOfHealth 6 months ago +3

    So is The Tor Project scamming us by not telling us that there is a problem all this time?

    • @robbraxmantech
      @robbraxmantech 6 months ago +2

      Don't mix issues here. This is about web encryption (HTTPS).

    • @notme3686
      @notme3686 6 months ago +2

      If you think basic TOR is an answer to anything you're already compromised

    • @robbraxmantech
      @robbraxmantech 6 months ago +3

      TOR is for hiding the source of the traffic. If there's a man in the middle, the traffic will leave the TOR exit node exposed with no encryption. We still would not know the source but a government can read the content as if HTTPS did not exist. But if you understand the video, this really depends on the certificate of the site you're visiting.

  • @styx1272
    @styx1272 6 months ago

    I use a Proton VPN so they can't see me!

  • @Jianju69
    @Jianju69 6 months ago

    God bless your beautiful brain, Rob.

  • @OriginalKKB
    @OriginalKKB 6 months ago +1

    For this MITM thing to work you still need to go to the wrong website initially; unless the attacker controls DNS, how will they manage that? And LetsEncrypt would do nothing for you there, unless you check for each website every time what certificate is actually used. Who does that?
    Just because you have a Microsoft Certificate on your system does not mean Microsoft can read all your web traffic. I mean they of course can since it is their OS and who knows what they are doing there, but that has nothing to do with the certificate.
    Web encryption protects the data on its way from someone snooping packets; it is not and never was protection against serious attacks, those will happen either on your machine or the server. And data is not encrypted on either side, only in between.

  • @shieldoftruth-maganshalahm3520
    @shieldoftruth-maganshalahm3520 6 months ago

    🤔🙁🧐✌🏾

  • @hikerJohn
    @hikerJohn 6 months ago +1

    There's a war going on that's much bigger than this . . . it's a battle for your SOUL not your bank account.

  • @notme3686
    @notme3686 6 months ago +2

    If it can be cracked it has already been cracked or will be cracked shortly. Do what you need to do with that info.

  • @Arifulde19
    @Arifulde19 6 months ago

    No encryption works

  • @heltengundersen
    @heltengundersen 6 months ago +1

    Your comments on Let's Encrypt are completely bonkers given that you assume others will misuse the root certificate keys. Why on earth would Let's Encrypt not do the same? You are 100% assuming that Let's Encrypt, controlling 300 million hosts they can spoof, and more, is 100% honest.

    • @NorthernChimp
      @NorthernChimp 6 months ago +1

      Read his answer to user @dansw0rkshop

  • @evilballer
    @evilballer 6 months ago +1

    You call PKI a stupid thing but don't suggest a replacement. It's like democracy: with all its drawbacks there is nothing better. When criticising, propose a better solution.

    • @robbraxmantech
      @robbraxmantech 6 months ago +5

      The replacement is in the next video. Which no one will watch I'm sure because it will be very technical.

    • @evilballer
      @evilballer 6 months ago

      @robbraxmantech Don't worry about that. Big Brother is watching you.

    • @robbraxmantech
      @robbraxmantech 6 months ago +3

      They better add to my view count LOL

    • @NorthernChimp
      @NorthernChimp 6 months ago

      I will.

    • @dr.strangelove5708
      @dr.strangelove5708 6 months ago

      @robbraxmantech Don't say that, some of us take you very seriously even if the bots and trolls don't :)

  • @diva555sg
    @diva555sg 6 months ago +1

    No such thing as encryption. False security.
    No more privacy.

  • @unguidedone
    @unguidedone 6 months ago +1

    How trustworthy is DigiCert?

    • @robbraxmantech
      @robbraxmantech 6 months ago +1

      As I said, I couldn't tell you. Maybe it is safe, maybe not.

    • @unguidedone
      @unguidedone 6 months ago

      @robbraxmantech : \