Found in #IRC:
"apparently people are getting around Chrome and Firefox telling everyone that non-HTTPS password fields are 'not secure' by just using regular text fields. they change the font on the text field to 'text-security-disc', which is apparently a font that exists of all bullets and looks just like traditional password fields."
How about instead of investing time and effort into schemes like these, you just ROLL OUT #HTTPS FOR FSCK'S SAKE!
@rysiek sometime I really hate people.
@bram I hear you...
There's no excuse not to implement HTTPS anymore!
@rysiek I think it's a nice show of how inherently meaningless are these security messages in the website view.
@pony they are not inherently meaningless. They *are* effective in pushing people to implement HTTPS.
Some people will always choose to do a stupid, and that's it.
@rysiek They don't mean anything if you can fake them, and you can.
@pony they mean that you either have to roll out HTTPS or fake them.
Since the amount of work to do the former is going down, more and more people will decide to roll-out HTTPS instead of doing a stupid.
@rysiek Problem is of course it is not stupid. Not providing a way to override such an intrusive warning for selected sites is a bad thing and it's no wonder people try to circumvent it.
@pony how is it a bad thing? How is sending credentials via pure HTTP a sane idea?
@rysiek That isn't really up for you to decide. I'm ok with the browsers switching to labeling http sites as unsafe, that sounds reasonable, but bastardazing the input elements (that actually have some defined behavior they need to adhere to), that's quite shitty. What are you going to do with it anyway, when you see it.
@pony complain to the damn admin. That's an indirect way of putting pressure on site admins. And apparently pressure is dearly needed.
You don't want your inputs bastardized? Fine! Roll-out HTTPS.
@rysiek Obviously, they are solving it. By using a different input field.
@pony still, most admins are solving it by rolling out HTTPS. the way I know is because the percentage of HTTPS sites is steadily growing. So, there's that.
@pony but if you have some other constructive ideas how to get website admins to get their heads out of their arses and roll out HTTPS, please share.
@rysiek holy duck.
@rysiek Yes, people spending more effort working around browser warnings than it would take to deploy TLS still baffle me.
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!