Well, this is certainly…odd. At every one of the last several sites I just now tried to visit in search of blog-fodder—American Greatness, Zero Hedge, a few others—I’ve landed on this twipe instead:
Your connection is not private
Attackers might be trying to steal your information from www.zerohedge.com (for example, passwords, messages, or credit cards). Learn more
www.zerohedge.com normally uses encryption to protect your information. When Brave tried to connect to www.zerohedge.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.zerohedge.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Brave stopped the connection before any data was exchanged.
You cannot visit www.zerohedge.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Never even heard of HSTS, and while I admit I’m no kind of web guru, neither am I a complete neophyte. I’m gonna just assume another Leftard DoS attack against the Right blogosphere or some such and just carry on, I suppose. Any of y’all with more complete and/or up to date knowledge on what this might actually add up to is hereby encouraged to clue me via the comments section.
Update! After doing a little checking around, it appears the problem is with the Brave update I just installed, not the various sites themselves.
Things that make you go HMM update! Funny: switched over to Safari just for shits and grins and am seeing the same warning, only unlike Brave Safari DOES at least give me the option to continue risking life and limb by recklessly continuing on to the “unsafe” site. Another difference being Safari throws up the DANGER! DANGER! alert on EVERY site I’ve tried so far, not just some of ’em. So I went to the phone (Brave, on Android) and have so far had no trouble, no clangorous alarums, and no restrictions whatsoever. Not quite sure what to make of all that.
HSTS is HTTP strict transport security protocol and mostly just means that the site insists on HTTPS rather than allowing HTTP connections. The certificate being invalid may be because one of the most popular certificate providers, “Let’s Encrypt” had their certificate expire last night. Most sites update automatically, but some may not.
I just went to Zerohedge and it came up normally.