Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Most devices trust their router a lot. HTTPS on its own doesn't protect you from a malicious router. Strict Transport Security and Certificate Pinning are also necessary for HTTPS to protect you against an evil router, and even then it does nothing about all the unsecured and weakly secured traffic and devices on your LAN and all the opportunities that come from being able to lie about DNS records. If you can't trust your router, you really just have to initiate a secure VPN connection to a network that isn't out to get you.


>If you can't trust your router, you really just have to initiate a secure VPN connection to a network that isn't out to get you.

:(. that's really frustrating. So you really need to vpn to a secure network anytime you use free Wi-Fi?


Yeah. With the right security software on your device and the right options on the server you could theoretically initiate a properly secured connection with some web sites, requiring DNSSEC, STS, etc., but for general purpose use you need the VPN.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: