This gets trotted out a lot, but who is "everyone"? At worst it's a bunch of random people in the cafe whose WiFi you're using - but these people don't have the resources to track your activity once you leave the cafe. Otherwise it's just the same rogue's gallery of large corporations interested in adtech/surveillance money: ISPs, device makers, other online service providers. The thing is, none of them have the reach, data collection, and analytics capability of Google. And Google almost certainly gets all this information too, whether you use HTTPS or not (see reCaptcha, Google Analytics).
To me, this rationale looks an awful lot like a moat to stifle Google's competition. If collecting "the urls you're browsing" is wrong, why is it ok for Google to do it? And if it's not wrong, why is it somehow better that only Google gets to do it?
> At worst it's a bunch of random people in the cafe whose WiFi you're using - but these people don't have the resources to track your activity once you leave the cafe.
Depending on what you're doing, one-time collection may be enough.
Also, many captive portals are provided to businesses by companies whose own business interest is in tracking people, and they'll absolutely correlate the data.
Rather than having to worry about whether the service you're getting internet access from will track you, make it impossible for them to do so.
Isn't this just imparting a false sense of security? The one party who I'm most worried about getting my data, Google, will still get it.
I think you've still failed to answer my basic point - how is this not just a competitive moat that benefits Google? If we care about privacy and data collection, legislation is required because Google and Facebook have no reservations about sucking up everything they can. If it's ok for them to do it, why not $RANDOM_CANADIAN_ISP?
If you use HTTPS, you know you're talking to the site you think you're talking to. If that site itself is sharing data in a way you don't want, including by pulling in third-party scripts, you have a problem with the site. That's not an argument against HTTPS; communicating in cleartext doesn't solve that problem, it just means that other people the site doesn't trust can also access that data.
Let's not let the perfect be the enemy of the good here. Universal HTTPS is an improvement.
To me, this rationale looks an awful lot like a moat to stifle Google's competition. If collecting "the urls you're browsing" is wrong, why is it ok for Google to do it? And if it's not wrong, why is it somehow better that only Google gets to do it?