TLS did "exist" (well, as SSL), but this was a time when you'd maybe see it used on a few websites that had it on just the specific pages that took a credit card.
It was well before most other protocols were worrying about the security or privacy of being intercepted at all. Decades before TLS by-default-because-why-not started becoming a thing (largely because of LetsEncrypt). Especially for an app that was mostly for pirating stuff. Your email and it's login/passwords, IRC, instant messaging, regular browsing, etc all happened in plain text.
And despite the physical networks being super vulnerable back then. Ethernet was mostly connected by hubs/ring/shared coax, so every device received every other's packets. WiFi was just coming around and is a shared medium. Several rounds of inept security schemes failed to even keep people who don't know the network password from intercepting nearby traffic. Most networks didn't have security on yet anyway.
> TLS did "exist" (well, as SSL), but this was a time when you'd maybe see it used on a few websites that had it on just the specific pages that took a credit card.
Indeed, I had forgotten about this. You'd go from the regular site on HTTP to the credit card page on HTTPS and back again. For a time, it was important to check that the page that you were actually entering the card details on was on HTTPS before you clicked the submit, and that the target was also HTTPS.
It was well before most other protocols were worrying about the security or privacy of being intercepted at all. Decades before TLS by-default-because-why-not started becoming a thing (largely because of LetsEncrypt). Especially for an app that was mostly for pirating stuff. Your email and it's login/passwords, IRC, instant messaging, regular browsing, etc all happened in plain text.
And despite the physical networks being super vulnerable back then. Ethernet was mostly connected by hubs/ring/shared coax, so every device received every other's packets. WiFi was just coming around and is a shared medium. Several rounds of inept security schemes failed to even keep people who don't know the network password from intercepting nearby traffic. Most networks didn't have security on yet anyway.
The Hotline protocol was/is mostly binary messages sent over TCP with a 4 character text message type followed by a corresponding packed data structure of the related data. (https://hotline.fandom.com/wiki/Protocol#Session_Initializat...)