+++ /dev/null
-<!--
- Copyright © 2017-2019 Soren Stoutner <soren@stoutner.com>.
-
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
-
- Privacy Browser is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- Privacy Browser is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-
-<html>
- <head>
- <meta charset="UTF-8">
-
- <link rel="stylesheet" href="../css/dark_theme.css">
- </head>
-
- <body>
- <h3><img class="title" src="../shared_images/vpn_lock_blue_dark.png"> Connect with Confidence</h3>
-
- <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
- The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
- This type of attack is known as a Man In The Middle (MITM) attack.
- SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
- Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
- It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control,
- but in practice many governments and large corporations have been able to do so.</p>
-
- <p>Pinning an SSL certificate tells the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
-
- <p><img class="center" src="images/pinned_mismatch.png"></p>
-
- <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
- As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
- But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.
- Privacy Browser also has the ability to pin IP addresses.</p>
-
- <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
-
- <p>SSL certificates can be pinned in Domain Settings.
- Besides protecting against MITM attacks,
- pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
- Tapping on the active tab displays the current website SSL certificate.</p>
- </body>
-</html>
\ No newline at end of file