[jlarocco]

I'd like to see something comparing the number of people blackmailed or exploited by sniffed HTTP traffic versus the number of people affected by back end exploits or social engineering. Everybody screams about HTTPS because it's easy to do, but it's a tiny problem in the grand scheme of things, and it gives people a misplaced sense of security.

[dane-pgp]

To be fair, there's not much that browser makers can do about back end exploits and social engineering. Google aren't in the business of writing back ends for third parties, and it's difficult to know if a website's back end is insecure, so I don't know who you expect to hear "scream", or who they would scream about.

The article is about one practical measure that a browser maker has taken to improve the piece of user-facing software that they are responsible for, and some users of that software are applauding this improvement.

Having said that, I do accept your over all point that there is a lot of other work that still needs to be done in securing the web. As you suggest, that's not going to be easy, but let's not fail to fix the things that we can fix already.