[iamkakaroto]

Interestingly, this blog author hasn't activated HTTPS for his own blog yet, which can be done with a single click on the Blogger settings page.

[josteink]

> this blog author hasn't activated HTTPS for his own blog yet,

Who the heck cares about HTTPS for a fucking blog?

[dopamean]

Why is that interesting?

[Buge]

Maybe irritating would be a better word. Or irritating that this is considered normal.

The laid out attack cannot be used to attack the blog, because the blog is already so insecure.

[bandrami]

What would HTTPS gain you or the blogger?

I have literally no idea who oalmanna is, so a third-party saying oalmanna is oalmanna would be completely useless for me.

I suppose it would keep a third party from knowing I read this blog, but I can't find a reason to care about that.

[brohee]

Well with the shit some carriers pull, from injecting personally identifiable information in HTTP headers (http://www.techrepublic.com/blog/it-security/why-are-website...) or code injection in the website content (http://www.infoworld.com/article/2925839/net-neutrality/code...), I sure benefit from an HTTPS connection everywhere...

[Buge]

Well China injected javascript malware into http pages, joining people into a botnet that launched a DDOS attack on the github pages of human rights organizations, causing github downtime.

https://citizenlab.org/2015/04/chinas-great-cannon/