Ask HN: Do we need secure connection for websites?
I do understand the benefit of secure connection which makes requests encrypted between the user and the server but why do we usually have https for websites that doesn't contain any signing up or transferring sensitive info, just normal html.
for instance, this website http://three-eyed-games.com/2018/05/03/gpu-ray-tracing-in-unity-part-1/ does it need to implement ssl certificate?
4 comments
[ 4.6 ms ] story [ 64.0 ms ] threadSo no, a blog post talking about ray tracing doesn't inherently need to have HTTPS, but it's a good practice for any and all websites to implement it, to protect user privacy and prevent tampering. Nothing bad is likely to happen if you read that site, though, so don't worry about it if you're just a regular user.
That particular content is innocuous but you’d better believe there is some static web site you could visit that could get you in trouble with some government somewhere.
It’s not so clear what might be sensitive somewhere (maybe your work doesn’t want you wasting time reading stuff like that when it has nothing to do with your job.). If all sites are encrypted, not just the sensitive ones, the job of mass surveillance becomes a lot tougher.
The Snowden revelations were no surprise to me, the NSA was founded to do exactly that. SSL became popular because of mass surveillance being perceived as a threat, it is not just the NSA, other countries like Russia, France, Israel, Iran, etc. would do the same as well as organized crime groups, “hackers” and such.
[1] - https://blog.torproject.org/tls-certificate-for-onion-site/