Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

ssl prevents that.


It explicitly does not. It means there are additional barriers to doing it - people would need to accept a bad cert (we already know the overwhelming majority will), or they would need to slip in their own CA that allows them to generate their own valid certs for MITM, but that is eminently doable for the Chinese government inside of China. They can then block all traffic for people that do not use the cert that allows them to decrypt said traffic. It functionally is the exact same thing, and would still allow "legitimate" traffic without problem.


That's not what explicitly means. Ssl explicitly does prevent mitm attacks from intercepting URLs of requests.

The fact you can get around it by ignoring the cert is a bit irrelevant. It's like saying locks don't work because people can break your window.


As noted, you don't have to ignore the cert, and we're talking about state level actors.

And it's not the window. It's like saying locks don't work if the state has a master key, which they do.


They already have their own CA in browsers, so they can easily MITM. That’s why mobile apps will use certificate pinning to verify their server


I thought countries who did this already issued their own certs to be able to analyze traffic. Like China. Maybe I misunderstood.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: