Main Area and Open Discussion > Living Room

Http vs Https Universally

(1/4) > >>

wraith808:
Interesting blog post on Techdirt: https://www.techdirt.com/articles/20150514/14203531001/yes-switching-to-https-is-important-no-not-bad-thing.shtml

My problem is the added expense.  I'm only running a few free sites.  I do host for some people, and they have https as they want.  But as for me, if all I'm doing is serving random content with closer to zero people looking at it than I'd like to think, why do I need to pay extra because it's a 'good idea'?

Can anyone answer me this question?

And is Mozilla's move to deprecate http in its browser a wielding of power?  Or a genuine thing that needs to be done?  And Chrome's move isn't *much* better.

And just for an alternate view - a well written article from Ben Klemens: https://medium.com/@b_k/https-the-end-of-an-era-c106acded474

I just don't see it, in all honesty.  If it were free... then that would be a different story.  There's the Let's Encrypt initiative... but until it arrives, I don't believe it.

ayryq:
I found techdirt through the list here on DC and often find interesting articles there. This one had some good points that I hadn't thought of. I have quite a few https sites that "seem" broken because the domain (mine) doesn't match the certificate (box-something-or-other.bluehost.com). I'm with you, though, I'm serving random content to basically myself, so why bother? Although it would be nice when I set up an email client, I only have to click "remember this exception" once.

I'm a nerd, though, so if it's free, I'll probably do it. But free is exactly how much it is worth to me to have a REAL certificate. Not $419 for sure!

Deozaan:
If you're serving it to yourself, SSH/SFTP/SCP into your server. :Thmbsup:

Stoic Joker:
My problem is the added expense. I'm only running a few free sites.-wraith808 (May 15, 2015, 05:40 PM)
--- End quote ---

Me to, and I include the added resource requirements for all the (IMO unnecessary) encrypting as everything is getting stuffed up the wire.


But as for me, if all I'm doing is serving random content with closer to zero people looking at it than I'd like to think, why do I need to pay extra because it's a 'good idea'?-wraith808 (May 15, 2015, 05:40 PM)
--- End quote ---

Amen to that! ...What "problem" are "we" trying to solve here?? MITM attacks...on what exactly?? It's publically available content ... So it would be an idiotic waste of effort to break into a stream of data that you could much easier just go read on your own. That's like encrypting all the billboards on the side of the highway so people have to get and be wearing very special - and very expensive - glasses to be able to read your advertisement messages. WTF is the point? ...Complexity for the sake of itself?? A placebo level of reassurance that people are then "protected" from an academic exorcise that nobody in their right mind is dumb enough to bother with?


It's been said there is a time and place for everything...and I do believe that to be true. But encrypting everything, everywhere, and at all times is just paranoia to the absurd. These hyper paranoid pundits need to unplug, crawl out of their basements, and reacquaint themselves with how interaction with a real person actually works.

eleman:
What "problem" are "we" trying to solve here?? MITM attacks...on what exactly?? It's publically available content ... -Stoic Joker (May 16, 2015, 07:42 AM)
--- End quote ---

Take the case we have here in Turkey. The government liberally censors the web, and the next logical step is keeping a log of who reads what. Then I'd be in deep trouble for just reading something like this.

1984 feels very real in this part of the globe. https may delay it for a while, and I'd support that.

Navigation

[0] Message Index

[#] Next page