[Wayback/Archive] NeverSSL – helping you get online.
What?
This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and nothing happens. Type “http://neverssl.com
” into your browser’s url bar, and you’ll be able to log on.How?
neverssl.com will never use SSL (also known as TLS). No encryption, no strong authentication, no HSTS, no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark ages of internet security.
While writing it in 2022, the site would redirect me to http://oldserenewonderousbirds.neverssl.com/online, http://beautifulgrandoldspell.neverssl.com/online and http://majesticsilveroldeclipse.neverssl.com/online, which will change probably each time to deter DNS caching, as per this message when I disabled JavaScript:
⚠️ JavaScript appears to be disabled. NeverSSL’s cache-busting works better if you enable JavaScript for
neverssl.com
.
Why NeverSSL
Because NeverSSL always uses plain unencrypted HTTP traffic, any captive portal WiFi or wired network can easily sneak in or redirect to authentication.
That way you can logon, after which you can use encrypted HTTPS/SSL/TLS/HSTS traffic.
Via
- [Archive] Colm MacCárthaigh on Twitter: “Super super super super super cool to have @NeverSSL featured in one of Julia’s comics! It’s a good prompt to tweet about a few weird things that
neverssl.com
does to collaborate with nasty Wifi capture portals …” / Twitter - [Archive] NeverSSL (@NeverSSL) / Twitter
DNS hijacking can be used too
Leading to the above was this post by b0rk: [Wayback/Archive] how airports lie to you with DNS.
Via:
- [Archive] 🔎Julia Evans🔍 on Twitter: “how airports lie to you with DNS …” / Twitter
- [Archive] 🔎Julia Evans🔍 on Twitter: “I think it’s interesting that DNS resolvers can return any responses they want — it just depends what they’re programmed to do! And you can turn this to your advantage by using an adblocking DNS resolver like pi-hole.net or something” / Twitter
- [Archive] 🔎Julia Evans🔍 on Twitter: “Also apparently there’s more than one way captive portals work, sometimes they do what’s described in this comic and sometimes they hijack HTTP instead of DNS. …” / Twitter
–jeroen