Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
HTTPS scan: should you enable it?
Message
<blockquote data-quote="avatar" data-source="post: 909983" data-attributes="member: 22875"><p>I am dead serious. Cyprus is not a tax haven anymore. It is in EU, and we want AdGuard to be subject to EU laws and not Russian laws. While our CEO and a small team are in Cyprus, most of the developers are in Moscow indeed. You'd be surprised how widespread this configuration is among companies based in the valley.</p><p></p><p>Now that we have this sorted out, I would still like to insist on you stopping spreading disinformation. All this "subject to russian laws" boohoo does not make any sense.</p><p></p><p></p><p>How in the world these things are even connected? The Chromium team wants to implement Manifest V3 to limit <strong>EXTENSIONS</strong> capabilities. And the reason for doing this is that they cannot keep Chrome Web Store secure and clean from malicious extensions so they are going to limit ALL extensions capabilities instead. The solution is broken on so many levels if you ask me.</p><p></p><p></p><p>It'd be better if they provided better alternatives. However, instead of that, browser devs prefer to make things obscure and uncontrollable.</p><p>They say "do extensions instead" and implement Manifest V3. I can be doing it for hours, really. The point is simple - there is no viable alternative.</p><p></p><p>Also, I am not talking about just browsers. There are other apps, there are mobile and IoT devices, they all may be an attack vector.</p><p></p><p></p><p></p><p>The only "Pro" of HTTPS scanning is that it is the one and only technical measure to inspect encrypted connections.</p><p>It is definitely not "convenient" compared to extensions, for instance.</p><p></p><p></p><p></p><p>Sorry, but these points range from "completely irrelevant to HTTPS scanning" to "could be if HTTPS scanning is implemented badly".</p><p></p><p>In my opinion, here's how Pros and Cons should look like:</p><p></p><p>Pros:</p><p>The only way to control network traffic.</p><p></p><p>Cons:</p><p>If implemented badly, it can cause a multitude of different issues ranging from minor inconveniences to the ones introducing major security flaws.</p><p></p><p></p><p>I prefer a more practical approach.</p><p></p><p>Here's my problem: I want to be able to control what applications on my computer and mobile phone do. It does not mean I don't trust them (btw, I don't), but the real world is complicated, developers use third-party libraries and services, these third-parties use other third-parties, and so on. And to feel safe, I want to be in control. Maybe (most likely) I am a control freak, whatever. HTTPS scanning is the only way I can achieve this. This is that simple. I need to put my trust in one entity (for instance, an AV) to be more or less sure that other entities don't do bad stuff.</p></blockquote><p></p>
[QUOTE="avatar, post: 909983, member: 22875"] I am dead serious. Cyprus is not a tax haven anymore. It is in EU, and we want AdGuard to be subject to EU laws and not Russian laws. While our CEO and a small team are in Cyprus, most of the developers are in Moscow indeed. You'd be surprised how widespread this configuration is among companies based in the valley. Now that we have this sorted out, I would still like to insist on you stopping spreading disinformation. All this "subject to russian laws" boohoo does not make any sense. How in the world these things are even connected? The Chromium team wants to implement Manifest V3 to limit [B]EXTENSIONS[/B] capabilities. And the reason for doing this is that they cannot keep Chrome Web Store secure and clean from malicious extensions so they are going to limit ALL extensions capabilities instead. The solution is broken on so many levels if you ask me. It'd be better if they provided better alternatives. However, instead of that, browser devs prefer to make things obscure and uncontrollable. They say "do extensions instead" and implement Manifest V3. I can be doing it for hours, really. The point is simple - there is no viable alternative. Also, I am not talking about just browsers. There are other apps, there are mobile and IoT devices, they all may be an attack vector. The only "Pro" of HTTPS scanning is that it is the one and only technical measure to inspect encrypted connections. It is definitely not "convenient" compared to extensions, for instance. Sorry, but these points range from "completely irrelevant to HTTPS scanning" to "could be if HTTPS scanning is implemented badly". In my opinion, here's how Pros and Cons should look like: Pros: The only way to control network traffic. Cons: If implemented badly, it can cause a multitude of different issues ranging from minor inconveniences to the ones introducing major security flaws. I prefer a more practical approach. Here's my problem: I want to be able to control what applications on my computer and mobile phone do. It does not mean I don't trust them (btw, I don't), but the real world is complicated, developers use third-party libraries and services, these third-parties use other third-parties, and so on. And to feel safe, I want to be in control. Maybe (most likely) I am a control freak, whatever. HTTPS scanning is the only way I can achieve this. This is that simple. I need to put my trust in one entity (for instance, an AV) to be more or less sure that other entities don't do bad stuff. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
