this post was submitted on 17 Jan 2025
There's probably a way to redirect without validation. Only respond to port 80 if needed, then redirect. Sure, the browser might complain a little, but it's not as bad as an invalid cert.
Maybe for some rando site. Google and any half-competent site have HSTS enabled, meaning a browser won't even try to connect with insecure HTTP, nor allow the user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for Google).
In addition, Google will also be on HSTS preload lists, so it won't work even if you never visited the site.
That makes me realize, what kind of country doesn't control its DNS space's encryption certificates? That's a major oversight.
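The HSTS behaviour described in the comment above, as an added example that is not part of the original thread: a simplified JavaScript model of a browser's HSTS store (RFC 6797), showing why a plain-HTTP redirect never gets a chance once a host is remembered or preloaded. The class, its method names and the hosts used with it are constructed for illustration.

```javascript
// Simplified model of a browser's HSTS store (RFC 6797); not real browser code.
class HstsStore {
  constructor(preloaded = []) {
    this.preloaded = new Set(preloaded); // shipped with the browser, no prior visit needed
    this.dynamic = new Map();            // host -> { expires, includeSubDomains }
  }

  // Record a Strict-Transport-Security header. Browsers only honour it when it
  // arrives over HTTPS with a valid certificate, so anything else is ignored.
  note(host, header, nowMs, overValidTls) {
    if (!overValidTls) return false;
    host = host.toLowerCase();
    const directives = new Map();
    for (const part of header.split(";")) {
      const [name, value = ""] = part.trim().split("=");
      if (name) directives.set(name.toLowerCase(), value.replace(/"/g, ""));
    }
    const raw = directives.get("max-age");
    if (raw === undefined || !/^\d+$/.test(raw)) return false; // max-age is mandatory
    const maxAge = Number(raw);
    if (maxAge === 0) { this.dynamic.delete(host); return true; } // max-age=0 forgets the host
    this.dynamic.set(host, {
      expires: nowMs + maxAge * 1000,
      includeSubDomains: directives.has("includesubdomains"),
    });
    return true;
  }

  // True if the browser must refuse plain HTTP (and certificate-error bypass) for host.
  isHstsHost(host, nowMs) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join(".");
      if (this.preloaded.has(candidate)) return true; // simplification: preload entries cover subdomains
      const entry = this.dynamic.get(candidate);
      if (entry && entry.expires > nowMs && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // The URL the browser actually requests when given an http:// URL.
  rewrite(url, nowMs) {
    const u = new URL(url);
    if (u.protocol === "http:" && this.isHstsHost(u.hostname, nowMs)) u.protocol = "https:";
    return u.toString();
  }
}
```

The upgrade happens inside the browser before any packet leaves, so a server answering on port 80 is never contacted for a remembered or preloaded host.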
What? What do you mean "DNS space"? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for Google. But obviously the EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.
Yes, I mean TLS certs, as those control what DNS records are considered valid. The EU should control which TLS are considered valid within its territory, and that should be considered part of their security apparatus. It's crazy irresponsible to have left that up to unaccountable private foreign entities. This is what would make it difficult to control their own independent version of the DNS namespace.