I like using http where appropriate and not wasting resources.
I publish a blog and there’s no need for https. Adding https just adds a little more effort and provides no benefit to the user.
I guess if you count the ISP not knowing, but Google knowing, that you’re visiting my blog, then that’s a reason. But that’s a user issue, not a server issue.
Practically, my host does all the cert stuff for me and it’s not hard. I just don’t like the gradual complexification of the web when there’s not a good reason.
Moving more stuff to ssl that doesn’t need to be just burns up extra compute.
I hope someone calculates the carbon footprint of SSLing all the stuff that doesn’t need SSL. While each action it tiny, there’s trillions of cpu cycles wasted on encrypting stuff that doesn’t benefit from encrypting.
You mean like by someone throwing up a huge warning that this page is made by the devil himself and unless he recites the right combination of holy words there is nothing you can do to access it? Ran into a few pages that were hijacked that way, some of them at least seemed to go to the expected content when I got rid of the https.
My comment was actually meant to be sarcastic and a bit over the top. The hijacker in this case would be the browser telling me that the page is not secure and as far as I remember valid certs are enforced to the point where a user can't bypass the error in some cases. In my experience https has always been more of a hurdle when I was looking for some obscure information hidden away on barely maintained websites.
I remember where it used to be fun to do stuff like that, or reverse all the images in pages, etc so thought it was a reference to just general monkeying around with http traffic that won’t work with https.
I get maybe 20 hits a year so I would probably think it funny if someone was interested enough to do this.
No. It’s just static content, there’s no registration and all usage is anonymous. I collect no data. Someone can mitm if they wish, although there’s little motivation.
The risk of harm is that someone could try to misrepresent content or something, but again who has motivation and even if they did it would eventually be repaired.
I publish a blog and there’s no need for https. Adding https just adds a little more effort and provides no benefit to the user.
I guess if you count the ISP not knowing, but Google knowing, that you’re visiting my blog, then that’s a reason. But that’s a user issue, not a server issue.
Practically, my host does all the cert stuff for me and it’s not hard. I just don’t like the gradual complexification of the web when there’s not a good reason.
Moving more stuff to ssl that doesn’t need to be just burns up extra compute.
I hope someone calculates the carbon footprint of SSLing all the stuff that doesn’t need SSL. While each action it tiny, there’s trillions of cpu cycles wasted on encrypting stuff that doesn’t benefit from encrypting.