main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal
Menu Toggle

Welcome to Vodafone Community

Pay monthly

Website security certificate coming from vodafone content control even though it's off.

4: Newbie

December 2015    ' I’ve chased them for an update.'

 

April 2017     'I've chased this with our specialists'

 

I won't hold my breath

 

View more options
2: Seeker

have recently noticed this happens with my Mediafire Cloud storage subscription

 

That's very concerning. They are spying on your connection, to your private files. 

View more options
Moderator

@kovacs

I'm sorry this is taking longer than expected to resolve. Once we recieve an update from our specialist team, we'll be in touch.

 

Thanks

View more options
4: Newbie

'I'm sorry this is taking longer than expected to resolve.'

 

I'm curious - back in 2015, when this was first brought up, how long was it expected to take?

View more options
Administrator

@kovacs As soon as we have an update from our specialist team, we'll update the thread. :smileyhappy:

View more options
4: Newbie
View more options
2: Seeker
kovacs wrote:

Why has it taken so long?


There is nothing taking any time. You're just being given the run-around.

 

The government has asked them to hack your connection, give you invalid DNS responses and invalid certificates and insert a MiTM attack so they can censor your use.

 

The solution is to use Google's DNS servers:

 

8.8.8.8

8.8.4.4

 

Alternatively, stop using Vodafone.

View more options
Moderator

Apologies for the delay @kovacs. Once we receive further information, we'll add this to the thread.

View more options
2: Seeker

There is no further information you can add.

 

Your techs will not get back to you and say:

 

"It's now possible for us to MiTM these connections without serving invalid certificates"

 

This will never happen, what they've been asked to do is technically impossible, for very good security reasons.

 

The only solution is to not use your legislatively hacked DNS servers. While complaining to your legislative representatives.

View more options
4: Newbie

'There is nothing taking any time. You're just being given the run-around.'

 

 

It's looking increasingly likely

View more options
2: Seeker

They're asking the techs "Can you hack these connections without invalid certificates?"

 

The techs are saying "No, we can't, it's impossible, for very good reasons. That's what happens when you let politicians write software and control internet infrastructure".

View more options
2: Seeker

ChazzD wrote:

@jaysto

 

We're working on a solution with our vendor that will ensure that HTTPS traffic will work normally in the future. 

 

We don't have an expected timescale for this at the moment. When we do have an update, we'll update this thread. 


This will not happen, as it's technically impossible. There are very good reasons why you can't fake an encryption certificate and have it also be valid. If this were possible hackers could MiTM any connection without warnings being displayed.

Stop training your users to add certificate exceptions. You're training them to accept MiTM attacks.

 

The only solution is for Vodafone to fight IWF in court or customers to not use your DNS compromised servers.

 

It's absolutely abhorent that you are complicit in doing this.

View more options
4: Newbie

I have manually switched to the Google DNS servers, which certainly provides a quick & simple solution for most people.

 

But, what an absolute train-wreck of a thread this is.  Vodafone, you have ZERO credibility with these "Hmm.. that's odd.. maybe you should call tech support" and "We're looking into it, sorry it is taking longer than expected" nonsense.  The thread has been running for some YEARS now.  You're just making yourselves look like damn fools.

View more options
4: Newbie

'But, what an absolute train-wreck of a thread this is.  Vodafone, you have ZERO credibility with these "Hmm.. that's odd.. maybe you should call tech support" and "We're looking into it, sorry it is taking longer than expected" nonsense.  The thread has been running for some YEARS now.  You're just making yourselves look like damn fools.'

 

Couldn't agree more. 

View more options
2: Seeker

WHY AM I EVEN STILL WITH VIRGIN.
So back again on this thread, I honestly don't know why I'm even trying but hey look now Hotmail.com is blocked randomly... cool can't check emails 10/10 Virgin.

View more options
4: Newbie
View more options
4: Newbie

'I've chased this with our specialists and a member of the team will update this thread as soon as we hear back. '

 

2 weeks later......

Still haven't heard from them?  Looks like they don't take you very seriously

 

 

 

View more options
Moderator

@kovacs

 

We're yet to receive an update.

 

Once we do, we'll update this thread immediately.

View more options
4: Newbie
View more options
2: Seeker

You will not recieve an update from your techs as what is being asked for is technically impossible. For very good security reasons.

 

You can't simply serve invalid MiTM attack certs and expect them to work without adding exceptions to users browsers. 

 

Best bet is to lobby government to stop hacking your users.

 

Concerning that hotmail is being eavesdropped on, indicates this is in fact a spy program and not a censorship program.

View more options