| ▲ | pc86 2 hours ago | ||||||||||||||||||||||
Man I really hope this doesn't get autoflagged because people need to see that this is an opinion people actually have, and what the (justified) reaction to it is. HTTPS on a blog does nothing. It doesn't protect you from anything. I guarantee you're not getting "all kinds of MITM injections" on this block of text. The only reasonable desire I can think of for "HTTPS everywhere" is hiding the content from your ISP but a) they still see the URL so they can get the content if they want it, and b) if you're so worried about that, use a VPN which coincidentally is even better because it will also hide the URL, and most importantly c) it puts the onus on you, the person who wants the thing, instead of hundreds or thousands or tens of thousands of text-only website owners who rightly couldn't care less about HTTPS. | |||||||||||||||||||||||
| ▲ | foobiekr 2 hours ago | parent | next [-] | ||||||||||||||||||||||
>I guarantee you're not getting "all kinds of MITM injections" on this block of text You actually can’t guarantee anything of the sort. BGP hijacks are real. | |||||||||||||||||||||||
| ▲ | rnhmjoj 2 hours ago | parent | prev [-] | ||||||||||||||||||||||
> they still see the URL so they can get the content if they want it That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted. | |||||||||||||||||||||||
| |||||||||||||||||||||||