I have noticed that most of the Chinese country code .cn domains on the internet are still using plaintext HTTP, not HTTPS. Even major Chinese news outlets and somewhat large Chinese companies (the really big ones like Huawei tend to use .com and do use HTTPS) are plaintext. I’m curious, anyone know why this is?

  • muesli
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    Sounds fairly obvious to me. Also: “China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI”

    • AgreeableLandscapeOPM
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      At first I too thought that it might be for surveillance, but that’s honestly a stupid way to keep tabs on websites since Chinese courts can just subpoena any website with with servers in China.

      • muesli
        link
        fedilink
        arrow-up
        2
        ·
        4 years ago

        The problem is that they can’t censor individual pages anymore. After all, the whole site is encrypted with HTTPS. This can lead to draconian penalties where China will outright ban an entire website when it’s really only trying to get rid of a couple of pages.

        Disabling HTTPS is basically the DMCA protection of Chinese websites 😉

        • AgreeableLandscapeOPM
          link
          fedilink
          arrow-up
          1
          ·
          4 years ago

          Though I still find it weird that Chinese news outlets like China Daily, which the government presumably has a say in, still does this. Being plaintext makes it impossible to verify that the information you’re getting is actually what’s on the website, which might be even more important than security for a news site.