Tell HN: Indonesian Telekomsel provider breaks HTTPS
I almost always use my own hotspot on my phone. I've noticed that since I arrived in Indonesia, I've been getting ssl warnings which say: "Warning: potential security risk ahead"
Hacker news and half of the internet has become unuasble without a VPN.
https://imgur.com/a/KZMxSMR
Can somebody explain to me why this is happening? Have you proceeded through the warning? Perhaps by going first to a site you never use like https://fbi.gov (my personal favorite), in a private session. It could be hijacking to display a tos or something. I'm using t-sel right now and don't get this but I do get blocked by the Indonesian censorship often so I always run a VPN. I'd recommend you keep your VPN on always too. I cannot even do a "proceed anyway" in FF. Chrome just says "site cannot be reached". I am just going to enable NordVPN always and accept the performance hit https://internettepat.telkomsel.com/asset/Banner-Internet-Po... This site cannot be accessed because it might contain pornography, gambling, ..etc Aha, I have seen that once. So is that what they are trying to show, which I don't see? presumably that is the page they are trying to redirect you to. I find it interesting they don't try to impersonate the site or anything, but very clearly say it's a telkomsel-issued certificate (tepat/baik is something like 'good' or 'appropriate internet' iirc?) That's what got me as well. They just inject themselves in the middle of my request and expect everything to be fine. Being this naive as ISP is just astounding. I've seen similar weirdness from socialwifi hotspots here. To be entirely fair, you are in a Muslim country with heavy internet censorship. I wouldn't really call it naive as it's the nature of TLS (1.2), you can see the hostname but can't inject a page into the middle without blatant warnings. South Korea, etc all do the same thing
