On Wed, Oct 12, 2016 at 12:02:19 +0200, Hanno Böck wrote: > You can certainly do that by either modifying your browser or using one > that doesn't support HSTS. > > But I think it doesn't achieve what you want. As far as I understand > your goal is to choose a site to connect to that many other people use > in order to avoid identification of you. > > However if you access Wikipedia through HTTP while almost everyone else > uses HTTPS then this is a very identifying pattern.
HSTS is just an extra level of security that tells your browser that it should never try HTTP. If your browser doesn't support it, that doesn't mean that the webserver will allow you to use HTTP---it is not possible to access wikipedia.com over an HTTP connection; it will always force a redirect. Just as I have my webserver configured to never allow HTTP connections. Different webservers may have different configurations (e.g. google.com). -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com