Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use HTTPS for speedtest.net URLs #113

Closed
wants to merge 1 commit into from
Closed

Use HTTPS for speedtest.net URLs #113

wants to merge 1 commit into from

Conversation

mathiasbynens
Copy link

HTTP is insecure – any attacker with a privileged network position could intercept the request and possibly drop/rewrite it. HTTPS makes it much harder for anyone to do so.

Some more reasons:

@sivel
Copy link
Owner

sivel commented Dec 17, 2014

I still need to be convinced that switching to HTTPS actually gains us something.

And you should always provide a description in a PR.

@mathiasbynens
Use HTTPS for speedtest.net URLs
5902a4c 
HTTP is insecure – any attacker with a privileged network position
could intercept the request and possibly drop/rewrite it. HTTPS
makes it much harder and much more expensive for anyone to do so.

Some more reasons, taken from
<https://konklone.com/post/switch-to-https-now-for-free>:

* SSL’s not perfect, but we need to make surveillance as expensive
  as possible.
* For privacy not to be suspicious, privacy should be on by
  default.
@sivel
Copy link
Owner

sivel commented Dec 17, 2014

Again, the majority of python versions do not validate SSL certs. Python 2.7.9 and python 3.4 are the only versions that perform ssl validation by default.

Due to this, it is no more secure or private than just using HTTP.

@mathiasbynens
Copy link
Author

Again, the majority of python versions do not validate SSL certs. Python 2.7.9 and python 3.4 are the only versions that perform ssl validation by default.

Then this patch makes speedtest-cli safer on those versions, without affecting functionality on other versions. Why would anyone be opposed to that?

(Also note that this patch makes the --share output be an HTTPS link. This is not just about requests made by the script itself.)

@sivel
Copy link
Owner

sivel commented Feb 26, 2015

This functionality is implemented in devel

@sivel sivel closed this Feb 26, 2015
Repository owner locked and limited conversation to collaborators Nov 30, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
"enhancement" maybe on-hold
Projects
None yet
Milestone
No milestone
2 participants
@mathiasbynens @sivel