6 Apr
2022
6 Apr
'22
7:20 a.m.
On 2022-04-06 9:27 a.m., Paul Koning via cctalk wrote:
That's true IF you don't care about malicious content being injected
into the material you're loading over http. "Protecting credit card
numbers" is not the only thing encryption is good for.
Whoooosh and now watch this become the first 400 post off topic thread
of 2022...
On Apr 6, 2022, at 9:20 AM, Noel Chiappa via
cctalk <cctalk at classiccmp.org> wrote:
...
I have been told that at one point Google was 'downgrading' results that used
plain HTTP, instead of HTTPS, because they were trying to push people to
switch to HTTPS (this was when everyone was hyperventilating over the Snowden
revelations). Given the near-ubiquitous use of HTTPS these days, I'd have
thought that piece of 'information credit engineering' by our tech overlords
was past its 'sell by' date, and now serves primarily to block people from
finding the material they are looking for (as here).
That's a classic example of a rule invented by people who can't think. In fact,
HTTP is perfectly fine for sites that arenot conducting web-based business activity.
Blogs are a good example, and I know at least one that runs HTTP for the simple reason
that nothing else is needed. Bitsavers is another example; nothing would be gained by
adding all the overhead inflicted by HTTPS.
paul