💾 Archived View for stacksmith.flounder.online › gemlog › 2021-09-21.Why_encrypt_Gemini.gmi captured on 2024-03-21 at 14:56:11. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-07-16)
-=-=-=-=-=-=-
My initial reaction to Gemini was: 'Great, but why bother with encryption?'... Nothing I've seen published here requires encryption.
After reading and thinking some more, I decided that there was a decent reason for TLS -- to verify the authenticity of the servers. But no, the TOFU approach allows anyone with a medium-long-term malicious plans can insert themselves into the ecosystem.
Furthermore, given the 'lots of little gemlogs' nature of the gemosphere, and the availability of portals that cache latest posts, it is easier to look at the portals. A rogue portal can impersonate anyone!
To quote a response to a recent Gemini-related post on `hackernews.com` (lammy):
https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
Given all this, I would not bother with TLS at all. There is really no reason for it.
P.S. A few weeks later... Well, there is one reason: it is not trivial to inject advertising junk into pages...