[JoshTriplett]

> At worst it's a bunch of random people in the cafe whose WiFi you're using - but these people don't have the resources to track your activity once you leave the cafe.

Depending on what you're doing, one-time collection may be enough.

Also, many captive portals are provided to businesses by companies whose own business interest is in tracking people, and they'll absolutely correlate the data.

Rather than having to worry about whether the service you're getting internet access from will track you, make it impossible for them to do so.

[AlexandrB]

Isn't this just imparting a false sense of security? The one party who I'm most worried about getting my data, Google, will still get it.

I think you've still failed to answer my basic point - how is this not just a competitive moat that benefits Google? If we care about privacy and data collection, legislation is required because Google and Facebook have no reservations about sucking up everything they can. If it's ok for them to do it, why not $RANDOM_CANADIAN_ISP?

[JoshTriplett]

It's not an argument against HTTPS.

If you use HTTPS, you know you're talking to the site you think you're talking to. If that site itself is sharing data in a way you don't want, including by pulling in third-party scripts, you have a problem with the site. That's not an argument against HTTPS; communicating in cleartext doesn't solve that problem, it just means that other people the site doesn't trust can also access that data.

Let's not let the perfect be the enemy of the good here. Universal HTTPS is an improvement.