[grosjona]

I think that the argument that you can't trust ISPs is weak.. With HTTPS, you still need to trust certificate authorities. It is somewhat suspicious that Google suddenly decided to create their own Certificate Authority in 2017. Forcing every website to use HTTPS just reduces the pool of entities who are able to track and manipulate us and it gives a false sense of security.

There is no doubt that this change is designed to take power away from some entities and to put it in the hands of a few key players which Google trusts.

Also, the video created by the author is highly deceptive; the author makes it look like he has hacked the website itself; in reality, he has only intercepted the traffic to his own machine so in reality he has only modified his own view of the website; he hasn't actually hacked anything. I'm sure that the author is being intentionally deceptive; he knows exactly who the target audience for that video is and he knows exactly what it looks like.

[AgentME]

Certificate authorities that participate in Certificate Transparency are forced to publish all certificates they issue, so site owners can tell if a fraudulent certificate for their own domain is ever generated. I think browsers are pushing for all CAs to adopt Certificate Transparency. This greatly reduces the power of malicious CAs.

[ackfoo]

The web was supposed to be open and free; it was supposed to democratize the exchange of information. We have lost control of it by allowing corporations to subvert that idea.

Frightening stupid people by exaggerating threats that they don't fully understand is what corporations do to sell their products and services.

Using a browser underwritten by a large corporation is a very bad idea. When it pops up a message saying that a static website is insecure, it's time to get another browser.