On Wed, Oct 12, 2016 at 12:02:19 +0200, Hanno Böck wrote:
> You can certainly do that by either modifying your browser or using one
> that doesn't support HSTS.
>
> But I think it doesn't achieve what you want. As far as I understand
> your goal is to choose a site to connect to that many other people use
> in order to avoid identification of you.
>
> However if you access Wikipedia through HTTP while almost everyone else
> uses HTTPS then this is a very identifying pattern.

HSTS is just an extra level of security that tells your browser that it
should never try HTTP.  If your browser doesn't support it, that doesn't
mean that the webserver will allow you to use HTTP---it is not possible
to access wikipedia.com over an HTTP connection; it will always force a
redirect.  Just as I have my webserver configured to never allow HTTP
connections.  Different webservers may have different configurations
(e.g. google.com).

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com

Reply via email to