You must log in or register to comment.

md_ wrote

The page linked is empty (is that a tacit recognition that there are no good arguments against TLS-as-default?)


ziq OP wrote


md_ wrote

Thanks. Let's see

The web is an open platform, not a corporate platform.

Sure. But encouraging HTTPS is not going against openness, nor it is an example of Google's corporate dominance on the web (real examples exist, this is not one of them)

Also, if Google succeeds, it will make a lot of the web's history inaccessible.

That's an outright lie.

People put stuff on the web precisely so it would be preserved over time.

The web doesn't have this magical property, people have to go and make backups to keep things online. Linkrot exists, and it is unrelated to HTTPS.

The web is a social agreement not to break things. It's served us for 25 years.

Actually, that's unfortunately not the case. The internet was broken already. Not by HTTPS though. It was broken by the rise of the "web application", the proliferation of single-page JS applications, of EME, of closed/proprietary protocols, and of our tendency to prefer the easiness of centralised webservers.

I don't want to give it up because a bunch of nerds at Google think they know best.

I don't know what's the problem with nerds, but Google employees didn't invent HTTPS or were the first to realise how important it is. If anyone made HTTPS their priority, is EFF and Mozilla.

Keeping the web running simple is as important as net neutrality.

In this whole section, other than simply saying "HTTP is simple, HTTPS is complicated" as an axiom, no argument was presented to justify this.

They believe they have the power

They do have power, and they do abuse it often. Discouraging HTTP is not an example of abuse.

Many of the sites they will label as "not secure" don't ask the user for any information.

HTTPS is not just for privacy, it is also for integrity. Non-encrypted transport is open to manipulation.

Also, sometimes the privacy concerns do not arise from people eavesdropping on the information you submit, but also from thirdparties knowing what exactly you are reading.

but fail to mention that they can do it in the browser, even if you use a "secure" protocol

This statement is "a sleight of hand". It's a misdirection and it's not an argument against HTTPS.

Of course the browser controls website rendering. And that's a reason why people should not use Chrome. But the disprivileging of HTTP-only sites on Chrome is not related, and on its own it's positive.

yet still have valuable ideas and must be preserved.

Websites will not die because of HTTP being discouraged. Websites die for other reasons.

It's like a massive book burning, at a much bigger scale than ever done before.

Wow. The argumentation gets poorer and poorer as this goes on. That's an outright lie again.

Why force people to do it? This suggests that the main benefit is for Google, not for people who own the content.

Wow again.

If it were such a pressing problem we'd do it because we want to, not because we're being forced to.

Are you sure we want to apply that argument to other issues on the web then?

Because this argument will come in favour of web centralisation, in favour of Google, Facebook, Microsoft, Apple, Amazon etc. People like them, therefore they must be good.

For me, the amount of work is prohibitive, even with Let's Encrypt, which people have told me about a huge number of times.

Honestly, just start with that, because the other excuses of an argument are doing you a disservice.

You didn't future proof your work, and you don't want to go back and retrofix everything. That's OK. Your stuff will not go away. People will discouraged of visiting them, and that's also OK.

I don't think anyone has the right to change the web so they no longer work.

Discouraging HTTP is not changing the web. It means that Chrome will have saner default settings. Mozilla should have done this first, imo.


ziq OP wrote

why are you addressing me like it's my article? I didn't write it.


md_ wrote

I'm not addressing you, I'm replying to what I am reading.


ziq OP wrote



md_ wrote

It's something I often do when replying below quotes, it's a reflex to reply in the second person. I see how it's confusing, I'll try to preface it as "replying to the author" next time.


xxi wrote (edited )

Well... Everything md_ said. Being aware of the risk of manipulation, the only thing I see is a nuisance that trivial mostly text-only sites arbitrarily get down-ranked. Such sites can have some value. (Before you get mad, read the last line).

I visited a site only available under plain HTTP today. It was a rudimentary site of a minor village which happen to lay near a nature reserve. Still being update, looks like it's from 1998 but these people provided me with some information that I couldn't find anywhere else. They seem very passionate about their village but I understand that they probably won't hire a webmaster because it's done on a non-profit basis. There's no reason to expect that some tech-savvy savior will swoop in from above, do the work for free, teach them how to do it themselves and then do the same for all similar sites around the web. So in that sense I guess that "penalizing" can have a detrimental effect to such niche sites and favor more general information repositories who might have an entry for their village but lack vital information about it.

HTTPS would be preferred, but the text on the village's site is about as easily manipulated as the physical brochures they might send to, or give, people.

So in that sense Google's omniscience could favor certain pages above others sort of arbitrarily. Can't think of something really substantial of the bat, but StartPage/lxquick could be one. There's probably a shitload of other cases where someone's using Google data to do something interesting that's not entirely repulsive.

That's a problem. I don't expect Google to be fair in that regard though. Bottom-line is: don't use Google. Google is powerful, but Google is not the web.

However, none of this is detrimental to the validity of HTTPS. The text this post points to sort of misses the mark.


ziq OP wrote

How much do google's search rankings affect other sites like duckduckgo and startpage?


xxi wrote (edited )

StartPage sources its result from Google.

I've got no idea if DDG is effected. I'm completely pulling the following out of my ass (in contrast to partially as I did above) , but seeing as Google is the "bawz" of search engines I guess Yandex and other sources DDG uses could take a cue from Google. Thereby affected search result.

Wouldn't put the last part forward as an argument in a debate though. I'm just speculating.


[deleted] wrote


ziq OP wrote (edited )

no one here uses google. But their actions hurt sites like this - they very deliberately deranked us for our politics. They keep upping the standards for inclusion so that only organizations with deep pockets can get noticed.