ok123456 14 hours ago

Yes. And I remember sniffing Facebook traffic in clear text in 2011. The fact remains that it was considered a significant engineering problem for them to deploy it. It was a "best practice" that most people rolled their eyes at.

Most users and system owners didn't care unless money was being transacted.

Between Snowden and ISPs injecting content into pages, the consensus changed.

tptacek 14 hours ago

The consensus obviously changed. It's just that it changed years before the Snowden leaks.

ok123456 13 hours ago

The adversarial nature of the US Government changed the threat model, and it moved from a "nice to have" best practice to a business necessity. They were caught red-handed undermining the privacy of US citizens by systematically exploiting infrastructure vulnerabilities, for example, in Google, where messages flowed in clear text within nominally trusted contexts.

johncolanduoni 8 hours ago

I don’t know why the Snowden revelations would prompt a business necessity, at least not a rational one for most businesses. What would the NSA slurping up all your data do to your business, that was both bad enough and likely enough to plan for? What it would do to your country or you as an individual is separate from that.

kbolino 8 hours ago

There were two main issues.

1) A lot of these businesses have customers outside the U.S. Those customers, including some foreign governments, did not want their data to be snooped by the U.S. government. The business risk here is loss of customers.

2) There is no such thing as a private backdoor. If one entity (admittedly a very well-resourced one) can snoop, so can others. The publicity also entices new players to enter the game. The business risk here is loss of reputation.