[c-cube]

I guess valid TLS is not boring enough for this website?

[thrower123]

I don't really understand why we have decided that static html pages need to have a TLS certificate

[joekrill]

Well for one thing it prevents ISPs from injecting ads (or worse) into sites.

[anderspitman]

But then how is Comcast supposed to tell me I'm about to go over my monthly data cap?

[abdullahkhalids]

Imagine a static website that provides crucial information, for instance, some regulation you have to follow. Your enemy MITM attacks that website and sends you a different page, which gets you in trouble.

The certificate guarantees that the information you are getting is from the entity who actually has access to the server serving the website.

[woodrowbarlow]

even if you have something like a "donate" link that's goes to a third party payment processor. a MITM could redirect that link the their own paypal collections page.

[oftenwrong]

The content is worth reading, well-maintained website or not.

Here's an archive snapshot if you prefer: https://web.archive.org/web/20200202175812/http://boringtech...