Despite the browsers' dire warnings, you are still far more protected visiting a website with a self-signed certificate than visiting a plain http website.
> Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.
March 24, 2017 -- "During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word 'PayPal' in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites" [1]
LetsEncrypt isn't perfect either. You've got to be cognizant of what details you are sharing over the connection, regardless of who signs the certificate.
> You've got to be cognizant of what details you are sharing over the connection, regardless of who signs the certificate.
So why not cut out the browser errors, for free? Somehow this vaguely feels like Don Quixote straining hard to hold onto the original definition of the term "hacker".
Props to this guy for sticking to his beliefs; I don't mean for this to be interpreted as saying anything should be changed.
Right. I've visited Ted's site in the past, and had no certificate warnings. Now, suddenly, I am getting warnings. So isn't that the exact scenario in which I should be very suspicious?
It's just a blog; I'm not submitting anything, but still it's an indicator that something fishy might be going on.
> Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.
-- https://www.tedunangst.com/flak/post/moving-to-https