undefined | Better HN

0 pointsrany_2y ago0 comments

Everything should be served securely these days. Prior to HTTPS being absolutely king, ISPs here used to inject EXEs with malware and do all sorts of nasty stuff. With HTTPS dominating they don't do that sort of thing anymore as the share of HTTP traffic is so low making ROI very low.

Anyway I'll give you one reason based on the above on why you should serve your content over HTTPS, it shields you from potentially having your visitors be victims of something like this and in all likelihood they will blame you for whatever malware their ISP sent their way... they did get infected from your website, after all.

0 comments

chrisfosterelli2y ago

And further, while edge cases around MitM do exist, the reality is really that it'd almost certainly just fine if someone's personal blog was just http in 99.99% of cases. But most of the web traffic isn't someone's blog and it really should be encrypted, and it's simple enough to set up for free nowadays, so it's going to be far easier to get most of the web to be encrypted if we increasingly work to phase out http.

Yes, small blogs are a 'casualty' of this progression towards expecting HTTPS in that they have to put a tiny bit more work in, but if we didn't do this we'd be back in the days of nitpicking about every single 'acceptable' case of http while vendors use the fact that it doesn't have widespread adoption to leave session cookies in plaintext requests for tools like fire sheep to grab.

1 more reply

j / k navigate · click thread line to collapse

0 comments

chrisfosterelli2y ago

1 more reply

j / k navigate · click thread line to collapse