Re: [libreoffice-users] Website security and encryption

Out of interest, what benefit do you think you will have from an https
connection to the LibreOffice site?

As all the information is being downloaded, and not uploaded, and is
publicly available, there is no security from the encryption; anybody
can get the same data you are accessing. The verification of the domain
is useful, but does still rely on trusting the DNS servers. The download
itself can be verified through other, better means to ensure it is good,
although this does again rely on the website not having been hacked,
which https does nothing to ensure. Although using encryption does
prevent your ISP throttling the download, I didn't think that was
common with http traffic, more with bittorrent traffic. The target IP
address is also available, so https doesn't prevent people from keeping
tabs on which sites you visit. Encrypted traffic does also prevent your
ISP inserting ads, but do any ISPs actually do this?

The added verification of the domain is useful (although not absolute),
and the general feeling that all internet traffic should be encrypted
to prevent tracking and throttling is also valid, but the post was
strongly worded, so I wondered if you had a particular need for
encrypted traffic instead of normal.


Paul

PS. I find the tone of the message to be a little strong,
especially given that you are mistaken in your belief, and a simple
test would have verified that. Given your sentiments about unencrypted
traffic, you are of course fully entitled to simply not use the
LibreOffice site or software. If you do wish to use it, politeness and
respect will get you much further in this community.

I may be completely wrong in this assumption, but from the tone of your
message, and the strong view that you will not use any unencrypted
sites, in addition to your not doing a simple check to see if an
encrypted version of the site was available, leads me to suspect that
you misunderstand how https connections work, and the benefits they
provide and the risks plain http present. Perhaps the situation is not
as dire as you suspect.




On Sun, 21 Aug 2016 18:57:13 -0500
Eric Scherer <scherer.eric@gmail.com> wrote:

> I'm amazed and surprised none of your webpages -- including the
> downloads -- are via secure/encrypted connections ("https://"; or
> otherwise).
>
> There's absolutely no reason ANY website should be doing this.
>
> I refuse any site, not to mention download anything from them, if
> connections aren't secure and encrypted.
>
> BIG oversight on your behalf.
>
> -- 
> To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more:
> http://wiki.documentfoundation.org/Netiquette List archive:
> http://listarchives.libreoffice.org/global/users/ All messages sent
> to this list will be publicly archived and cannot be deleted

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted