I bet they have setup a proxy to capture all the traffic so they can capture all the logins and have access to their bank accounts.
That does not work without forcing the users to also use the proxy. Any website that uses https instead of http does not leak passwords, unless the device/browser of the user is compromised.
It sounds like a mechanism to make the town dependend on the cartel for internet, and then demand extortion prices for the internet.
They could easily do a man in the middle attack, but I doubt they would have the need to rob the poor people of their town.
Https is explicitly designed against man-in-the-middle attacks. Modern browsers make a bigggg fuss if a man-in-the-middle is attempting some shit. Those attacks do not work.
And if you do manage to make it work, it sure wouldn't be easier than pointing a gun at someone and telling them to pay up for their internet connection.
Not without a client side certificate
You can ... If people aren't tech savvy you can just serve everyone plain http and most people will ignore the warnings.
More likely they just wanted the subscription money.
I bet they have setup a proxy to capture all the traffic so they can capture all the logins and have access to their bank accounts.
That does not work without forcing the users to also use the proxy. Any website that uses https instead of http does not leak passwords, unless the device/browser of the user is compromised.
It sounds like a mechanism to make the town dependend on the cartel for internet, and then demand extortion prices for the internet.
They could easily do a man in the middle attack, but I doubt they would have the need to rob the poor people of their town.
Https is explicitly designed against man-in-the-middle attacks. Modern browsers make a bigggg fuss if a man-in-the-middle is attempting some shit. Those attacks do not work.
And if you do manage to make it work, it sure wouldn't be easier than pointing a gun at someone and telling them to pay up for their internet connection.
Not without a client side certificate
You can ... If people aren't tech savvy you can just serve everyone plain http and most people will ignore the warnings.
More likely they just wanted the subscription money.