zlacker

[parent] [thread] 2 comments
1. JohnFe+(OP)[view] [source] 2023-02-24 15:58:05
You should consider filtering your HTTPS streams.
replies(1): >>LinuxB+64
2. LinuxB+64[view] [source] 2023-02-24 16:14:49
>>JohnFe+(OP)
Funny you should mention that. I have a few Squid-SSL-Bump proxies that I use for a few devices. For several years I even used that to visit HN and to my surprise was rarely rate limited or blocked when accessing from a VPS. With Squid I can also make decisions on content types, file sizes and more. There are only a handful of sites it doesn't work with because they for whatever reason are still using public key pinning. A few google sub-domains, eff.org, paypal but interestingly no banks.

This only works with devices that I can install my own CA key onto. I have not figured out how to do that with the vehicle diagnostic tool.

replies(1): >>JohnFe+NN
◧◩
3. JohnFe+NN[view] [source] [discussion] 2023-02-24 19:31:04
>>LinuxB+64
> This only works with devices that I can install my own CA key onto

Yes, that's why I don't use any commercial IoT devices. I have no actual control over them. Before I shed the few I did have, I kept them segregated on their own subnet so that at least their presence didn't have to impact anything else.

[go to top]