Submitted by nitori in technology (edited )
flabberghaster wrote
I think not everything needs to be HTTPS; like I don't care if the NSA knows I'm reading web comics generally speaking. But the push for everything to be https is kind of more about the non technical users, who don't understand what should and shouldn't be.
You want them to be mistrustful of a non HTTPS site that asks them for payment or login information, because it's marginally harder to set up a phishing site with a valid cert (or it was...) Than it is to just make it straight HTTP so the browser doesn't say "yo dude this site's cert is a little fishy".
That and there were cases of people getting their login credentials stolen at the coffee shops because bad webmasters were not securing things they needed, and now most browsers won't even let that happen. So I think it is marginally better.
Viewing a single comment thread. View all comments