Please help! When i click on a mirror link, it doesn't give me any download but it just reloads the page. IPFS doesn't work either... I am not using any VPN. :(
Because if you're accessing a website with HTTPS you should have the expectation that everything you do will be encrypted and if there is something you're trying to access that is unencrypted, that should be something you explicitly allow. It's not because "zomg google is teh evilz"
But Google doesn't even allow that anymore. It just completely ignores the request. No normal user is going to know how to go in and change some obscure flag. A notice is one thing, to just ignore the request is another. That's the evil part. That's where Chrome is broken. It's not a feature, it's a bug.
It's not even "mixed content". A download is separate content, not "http and https mixed together". What's next? Complete regular http websites blocked? That's incredibly bad for Internet freedom - a threat to the open web.
The heck of it is, each attempted download, whether successful or not, uses up one of my downloads for the day. In any case, the above worked for me. That's really annoying that I have to do that, and I agree--Chrome should have at least given me a warning.
@nick99nack how is blocking HTTP a threat to the open web? Maybe back in the day when the only option for getting a cert was to pay for it. But that's not the case anymore. Anyone, anytime, for no money what-so-ever can get a cert. So I don't see how that prevents an open web.
Certs may be "free" today, but you can not guarantee they will be free tomorrow. In practice, such things do stop being free.
There is a news article right now about how they will stop working on older Android devices: https://soylentnews.org/article.pl?sid=20/12/08/1619234 While we don't care about toy cell phones here, it is part of the same problem.
There's no guarantee anything will be available tomorrow. But if Let's Encrypt went out of business, I'm sure another company would take their place. They've changed the landscape so much that there will be a large demand for an alternative if they go away.
Besides which, nothing would stop you from creating your own CA and signing your own certs. The only issues is getting your users to trust the cert. And pretty much every platform has some way of importing new trusted root certs.
As for older Android devices losing access to Let's Encrypt, that's not a problem with HTTPS. That's a problem with vendors not supporting older OSes and devices. Which has been going on for decades. And I'm sure that if there's sufficient demand, a third party could release an updated list of trusted CAs.
Comments
Tried it and it works fine for me, if it doesn't just use a different browser.
It's not even "mixed content". A download is separate content, not "http and https mixed together". What's next? Complete regular http websites blocked? That's incredibly bad for Internet freedom - a threat to the open web.
There is a news article right now about how they will stop working on older Android devices: https://soylentnews.org/article.pl?sid=20/12/08/1619234 While we don't care about toy cell phones here, it is part of the same problem.
Besides which, nothing would stop you from creating your own CA and signing your own certs. The only issues is getting your users to trust the cert. And pretty much every platform has some way of importing new trusted root certs.
As for older Android devices losing access to Let's Encrypt, that's not a problem with HTTPS. That's a problem with vendors not supporting older OSes and devices. Which has been going on for decades. And I'm sure that if there's sufficient demand, a third party could release an updated list of trusted CAs.