WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Fifth Browser Questions  (Read 2662 times)

Offline thane

  • Hero Member
  • *****
  • Posts: 697
Fifth Browser Questions
« on: May 19, 2016, 02:41:24 AM »
I've tried the Fifth browser on a couple machines (both several years old, don't know if that's a factor). Seems like about half the time going between websites, I get the "Security risk: certificate changed" screen and have to type the special message to move on. These are all legit sites (including TC) I've visited often with other browsers e.g. Firefox and AFAIK haven't had issues. So (as the warning suggests) am I constantly being subjected to "man-in-the-middle attacks", is there some setting I should change, or is this just a "feature" I'll have to live with?

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Fifth Browser Questions
« Reply #1 on: May 19, 2016, 04:31:12 AM »
Google in particular changes their certificates several times a week, which is really bad practice - you can't be sure if the new certs are valid or MITM attacks. This is something the existing browsers do not check for. TC domains don't offer https though?

The check itself can only be disabled at compile-time, otherwise some malware could disable it without the user knowing. You'd comment out the wk_set_ssl_func line. This will leave you less secure, but if you use it for regular browsing on an old machine (no banking, etc), it would be fine.

edit: Fifth is pretty fast to build, when you use the existing webkitfltk-dev extension. Should be no longer than a minute even on an old machine.
« Last Edit: May 19, 2016, 04:34:14 AM by curaga »
The only barriers that can stop you are the ones you create yourself.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1229
Re: Fifth Browser Questions
« Reply #2 on: May 19, 2016, 01:27:23 PM »
Yes, this is also an example why i find the letsencrypt initiative highly dubious. Now their certificates are used by many websites, explicitly forcing everyone to change their certificate every few months.

Offline thane

  • Hero Member
  • *****
  • Posts: 697
Re: Fifth Browser Questions
« Reply #3 on: May 20, 2016, 12:43:56 PM »
Thanks for the replies!

I have no experience compiling programs in TC (or Linux generally). However I have written/compiled Java, COBOL, and C programs on AIX, which may be in-the-ballpark similar. I'll look into it.

Thane

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14819