[amgin3]

This is a really stupid move. There are plenty of instances where websites do not need to use HTTPS, like simple static websites for small businesses that do not collect personal user information. This is going to cause a lot of confusion and outrage when it is implemented.

[orangecat]

There are plenty of instances where websites do not need to use HTTPS

No there aren't.

like simple static websites for small businesses that do not collect personal user information

Until the connection gets MITMed to return a fake login page.

[throwaway2048]

Please tell me a way to enable https for local LAN only devices that does not involve me MITM'ing every connection to them..

[ksk]

This centralizes publishing rights to browser vendors & security cert vendors. I don't want to take permission from any third-party before publishing content on the web.

In any case, its rather rude of you to presume to know what people should think about this topic.

[gmueckl]

What login page? Your typical company website just has a few pages of text without any active elements. Forcing those to buy SSL certificates creates just another artificial barrier to entry.

[dredmorbius]

Whatever login page the attacker wants to present. They're betting percentages.

Google. Amazon. sac.mil. fed.gov. Whatevs.

[ridiculous_fish]

HTTPS remains difficult to deploy for non-SWE web designers (i.e. the classic "webmaster" role).

[imhoguy]

Actually have to disagree with that. Currently "free SSL cert" is becoming part of every managed web hosting offering.