|
|
|
|
|
|
by superkuh
2334 days ago
|
|
|
>Absolutely not. You do not get privacy without HTTPS. My sites do because I put all of them up as tor hidden services too. >Browser defaults regarding JavaScript, certainly have nothing to do with it. They do. Because everything 'insecure' you just described comes from users running code that might be injected. There's no danger from some entity tricking some person into viewing a simple html page. |
|
|
No, I gave 3 different examples where JavaScript is irrelevant but HTTPS is still important.
* Online banking (HTTPS prevents snooping)
* Software updates (HTTPS ensures you get untouched data)
* Browsing a Wikipedia page about a medical condition (HTTPS prevents snooping)
> There's no danger from some entity tricking some person into viewing a simple html page.
That's not true. Not all browser security flaws involve JavaScript.
Browser flaws aside, it's still important to prevent an attacker from modifying the page to perform a phishing attack (tricking a non-technical person into visiting faceb00k.com, and then capturing their password). Less seriously, HTTPS blocks injection of spam into your page by an ISP.
HTTPS is also important to prevent profiling by unscrupulous ISPs.