I was having a conversation with my 13 year old… trying to explain to her why we were using a travel router in the hotel room. When she said… “I don’t use the internet I use apps”.
kids don’t know shit
Back in the day, before services like letsencrypt, SSL certificates cost many thousands of dollars annually. They were seen as the entry point into the security of the internet. And when things got cheaper you still had to prove who you were buy sending a scan of your passport to an unnamed entity offshore. Also a very questionable practice.
Here we are and SSL is free and ubiquitous. So what’s the problem? Well, when you use a website that is not secure it’s pretty plain and simple… in the address bar there is an indicator. It should ALWAYS be green.
But what about apps?
Sure some apps are local only. But even they communicate or by proxy the app store contacts the app to see if it needs an update. But most apps phone home. This way the developers know if and when the app is being used as well as whatever other data you agreed to let them capture. The challenge is that when they phone home there is no requirement that the server is secure.
And that’s why they don’t know shit.