Like the TSA at the airport.
Security that we never needed before, but now suddenly we do.
Now we’re dependent on a third party gatekeeper for permission to have a web site.
Free, for now.
It’s a move by the weasels-that-be to turn the Internet into yet another tool for profit and control.
Go ahead, submit your credit card details in plain text. I’m sure nothing bad will happen.
All I see is **** **** **** ****
But 99% of us with websites don’t take credit card numbers.
Do you take login credentials that could be skimmed and used for identity theft?
Maybe this one will strike home for people who think it’s a scam by The Man:
With no HTTPS, every single thing you do on the web can be monitored by your ISP’s automated tracking system and sold to data warehouses that then sell the data on to AI aggregators who can profile your activity to figure out how to shape your future behaviour based on how you responded in the past.
And HTTPS isn’t just about protecting secrets, it’s about validating the communication channel hasn’t been tampered with. Without it, anyone between you and your destination could be modifying what actually gets sent back to you, injecting anything from malware to slight changes in text content based on the above profiling info.
HTTPS is part of what keeps the web free and federated.
Yes, security. We love security now. The argument is well known.
But now you need permission from an official to have a web site. That’s bad, right?
What? I’ve got all sorts of self hosted websites. Encrypted by HTTPS. No permission needed. If Let’s Encrypt vanished, I’d just switch to self-signing my certificates and using a pinning service.
Doesn’t chrome flag self-signed certificates?
Ok, I didn’t know that was a thing. Thanks
You should probably be more concerned about DNS than HTTPS. DNS is a point where government censors actually do go after web sites they don’t like.
The problem with TSA is that it reduces our privacy and dignity in exchange for security (that security may be theatre). HTTPS is different because it increases privacy which allows us to keep more dignity (security that is not theatre.)
TSA is like needing to strip so that your clothes don’t get wet while going out in the rain, while HTTPS is like wearing a raincoat so your clothes don’t get wet while going out in the rain.
HTTP is like using a postcard, HTTPS is using a sealed envelope. Which would you use for your bank information?
The “third party gatekeeper” does more than just secure data, it also acts as a validation that your site is what it says it is. So if someone jacks your domain out from under you and hosts something totally different, people can tell that something’s up.
99% of us with websites never touch bank information.
But would you be OK taking all the stuff you write on those websites, and scrawling it on a giant chalkboard in your town square instead? One where anyone can see (or even change) what you’ve written?
And http still works in any browser I know of.
I kind of get your frustration though. I set up my personal website precisely to get away from big platforms; yet my HTTPS is validated by Google. It feels like a defeat still having them involved in the process.
Thank you.
Use http and Chrome calls you insecure and there’s a red flag and you have to hit a special button… daunting for the average user for sure.
Firefox is good tho.
One person pointed out that letsencrypt is backed by a bunch of good powerful people. Which might be bullshit but it makes me think again.
