This is not at all a safe assumption. If they care to know and have active MITM infrastructure in place, the last time I looked at the issue, identifying which browser was in use (and generally speaking which operating system or set of operating systems) was fairly trivial by fingerprinting the characteristics of the TLS negotiation.
On Wed, Jul 24, 2019 at 11:43 AM jfb1776--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > The government sending out SMSes to tell users to install the certificate > don't (until the certificate is installed) know what browser the user is > using. > > .... > > If only 10% of the populace hears what's going on directly, that gets the > word out a whole lot better than 0%. People talk. It might be enough to get > them to stop. *Because* they don't *yet* know which browser. Nobody wants > to be sending out "Hey, install this so you can immediately be told about > my corruption!" to their entire populace. > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
