The philosophy suggesting that a non-HTTPS site isn't good for your privacy is a pretty good one... I can understand why the author believes it's a bit authoritarian for a web browser to forcefully mark a site as "bad for your health" if it's not HTTPS-enabled but only contains something like old blog posts, but it almost seems like he's forgetting that modern internet surveillance techniques used by governments capture everything unencrypted and it's in everyone's best interests to avoid it as much as possible.
What if that old unmaintained blog site you are looking at was compromised and is being used as a dumping ground for illegal information sharing (illegal by some countries standards at least) and you happen upon one of the posts or comment threads containing the illegal content? Suddenly there is a record of you somewhere pulling those specific blog posts despite your lack of intent to look at illegal information.
At the same time I think it's rather easy for such websites to simply enable a reasonable level of HTTPS (even something with known primes) than it is for them to complain. It takes about 30 seconds with most modern web servers as long as you have administrative access to the back-end of your website and said back-end already has Let's Encrypt integration. An hour at most if you have to get a more traditional non-EV certificate. People's privacy is worth that much time on the part of an administrator.
1 comment
[ 7.4 ms ] story [ 10.9 ms ] threadWhat if that old unmaintained blog site you are looking at was compromised and is being used as a dumping ground for illegal information sharing (illegal by some countries standards at least) and you happen upon one of the posts or comment threads containing the illegal content? Suddenly there is a record of you somewhere pulling those specific blog posts despite your lack of intent to look at illegal information.
At the same time I think it's rather easy for such websites to simply enable a reasonable level of HTTPS (even something with known primes) than it is for them to complain. It takes about 30 seconds with most modern web servers as long as you have administrative access to the back-end of your website and said back-end already has Let's Encrypt integration. An hour at most if you have to get a more traditional non-EV certificate. People's privacy is worth that much time on the part of an administrator.