I have noticed that most of the Chinese country code .cn domains on the internet are still using plaintext HTTP, not HTTPS. Even major Chinese news outlets and somewhat large Chinese companies (the really big ones like Huawei tend to use .com and do use HTTPS) are plaintext. I’m curious, anyone know why this is?
Sounds fairly obvious to me. Also: “China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI”
At first I too thought that it might be for surveillance, but that’s honestly a stupid way to keep tabs on websites since Chinese courts can just subpoena any website with with servers in China.
The problem is that they can’t censor individual pages anymore. After all, the whole site is encrypted with HTTPS. This can lead to draconian penalties where China will outright ban an entire website when it’s really only trying to get rid of a couple of pages.
Disabling HTTPS is basically the DMCA protection of Chinese websites 😉
True.
Though I still find it weird that Chinese news outlets like China Daily, which the government presumably has a say in, still does this. Being plaintext makes it impossible to verify that the information you’re getting is actually what’s on the website, which might be even more important than security for a news site.