but like, who’s doing that?

Maybe the answer is disabling the JS runtime on non-TLS sites, maybe that has the added benefit of making the web (documents and “posters”) light again.

SMS is unencrypted, phone calls are unencrypted- yet we don’t worry nearly as much about people injecting content or modifying things. Because we trust out providers, largely, but the capability 100% exists for that; with no actual recourse. With browsing the internet we do have recourse- optionally use a VPN.

All of this security theatre is just moving the trust around, I would much rather make laws that protect the integrity of traffic sent via ISPs than add to the computational waste from military grade encrypting the local menu for the pizza shop.

Worse still, the pizza shop won’t go through the effort so they either won’t bother having a website or will put it on facebook or some other crazy centralised platform.

I’ll tell you something, I trust my ISP (Bahnhof- famous for protecting thepiratebay) a lot more than I trust Facebook not to do weird moderation activities.