“… please deactivate your adblocker …” they said.
Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I’ve been meaning to visit KeePass’s website and download the latest version, too.
Except when it’s an Extended Validation certificate, which requires the requester to go through a manual vetting process.
But apparently for some reason, Firefox doesn’t show the EV label in the URL bar anymore.
That’s because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren’t really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.
We need radical criminal penalties on the books for facilitating malware with ads. You shouldn’t be able to wash your hands of being a major malware distributor.
As an admin on a Lemmy instance, I don’t like this idea. If I were to be personally, criminally held responsible for something one of our users put on the web…
Well, let’s just say I’d be getting out of the Lemmy admin game. So would everyone else.
If you aren’t making decisions about ad serving, obviously it wouldn’t effect you. If you are choosing ads to serve, and don’t care about their reputation, that’s a problem regardless of how much it bothers you.
This is far more important then a few lazy web admins that want to profit from scamming their users.
