Localhost Security Messaging

December 31st, 2022
tech
Browsers these days either mark sites with a padlock (https://) or "not secure" (http://). This warns the users that without the protection of "https://" your communications could be read or modified by any network your packets travel over. But how should "http://localhost" be marked? That's your own computer so it's secure, but the connection isn't encrypted so a padlock would be misleading.

It turns out that the browsers have three options for the url bar, not just secure and insecure. Here's what they look like in Firefox:

Chrome:

Safari:

Despite the unusual URL bar treatment, the major browsers do now all treat this configuration as a secure context (spec), which means you can use features that require secure contexts, like crypto, MIDI, or geolocation.

Comment via: facebook, lesswrong, mastodon, substack

Recent posts on blogs I like:

Elixir's Last Dance

On May 18th, the contra dance band Elixir had their last gig ever. The dance was packed: there were three hundred people. It was the only dance BIDA has ever done where they sold tickets. People flew from across the country just to hear Elixir play one la…

via Lily Wise's Blog Posts June 5, 2025

Body Language For Trans People

When I first came out as trans, resources for trans people were full of advice about body language.

via Thing of Things June 2, 2025

Workshop House case study

Lauren Hoffman interviewed me about Workshop House and wrote this post about a community I’m working on building in DC.

via Home April 30, 2025

more     (via openring)