Tag: Security

Articles

• Privacy - Andrew Aylettv1.2, 2021:This is not a privacy policy

  This site sets no cookies and keeps no logs. The goal is to avoid processing any personal data so no GDPR consent is needed. Hosted by Vercel with Plausible analytics, neither of which collects personal data from visitors. ^?

• Telephone "Security" Questions - Andrew Aylettv1.0, 2012:Who is this "security" for, anyway?

  When a company phones you and asks security questions, the security protects them, not you. You have no way to verify who called. The fix is to call them back on their published number, but companies rarely make that easy. ^?

Thoughts

• TLS Termination Delegation in Browsers

  Wishing browsers could delegate TLS termination to a proxy the way servers delegate to CDNs -- transparently, without MITM. Current alternatives like Cloudflare's zero-trust require replacing the OS certificate store, which is too close to black-hat interception. ^?