by nbraud 3574 days ago
There are several reasons you want this, relating to security, privacy and “politics” (in the wider sense).

Regarding security, using HTTPS (along with the right measures on externally-hosted content) guarantees (to some extent) that what the user gets is what you meant to publish: a hostile network cannot replace the content with misinformation and cannot inject JS -- to exploit the client or not (as was done with the “Great Cannon” [0] which took down GitHub).

Privacy-wise, a number of countries routinely spy on their communication infrastructure, and revealing “I visited this website” is far more problematic than “I visited this Tor-related post on this website, and left this comment”.

The last reason for systematic HTTPS is “political”: if we go towards a situation where HTTPS is systematically employed, HTTP-only websites will be subjected to increasing amounts of social pressure as adoption rates grow: deploying HTTPS (and preferably best-practices) on your “text-only” website pushes other websites (that might “need” it more) to deploy it too.

[0]: https://citizenlab.org/2015/04/chinas-great-cannon/