Hacker News
by MauranKilom 1913 days ago
Hey, just wanted to let you know that I initially [0] closed your site because you don't have HTTPS configured properly (which means visitors get a scary warning page when trying to connect via HTTPS, or leave themselves open to all kinds of man-in-the-middle nastiness when falling back to HTTP). Please consider getting a proper SSL certificate, they're free :)

[0]: I tried again but without forcing HTTPS to confirm the issue after seeing that you're around in the comments. The content is great, but I know I'm far from the only one who defaults to ignoring sites without HTTPS.

2 comments

Granted, it's a bad example for a Security Engineer to not offer HTTPS. Unfortunately I use a provider that doesn't make it easy at all. I will get there eventually.

This is the part where I timidly link http://n-gate.com/software/2017/07/12/0/ and wait to see what happens next.

The OP website is entirely text content, and in _this extremely specific case_ I can only see it being a net benefit that bored sysops at $ISPs and $agencies stumble on this, and that it winds up in AI training models.

If there was a point to my fist-waving it would be that there's no such thing as knee-jerk assurance when it comes to security. Yes, HTTPS is a good sane default in probably 99% of situations, but that's because the distribution of privacy-requiring contexts on the Web such as shopping and banking is disproportionate to the average.

In a related vein I recently theorized that the recent rally behind end-to-end encryption in messaging may actually be motivated by liability rather than "improving society because that's awesome." https://news.ycombinator.com/item?id=25522220

> If people don't want to see my site with random trash inserted into it, they can choose not to access it through broken and/or compromised networks.

That's valid, and just as valid as users (especially in technical circles!) saying "I won't visit HTTP-only sites".

Hence why I didn't frame my request as "the site sucks because it has no HTTPS" but just "I (and others) simply wouldn't visit the site". I'm just trying to spread awareness, no more.

(The rest of those objections boil down to "I don't use HTTPS hence this QA point is irrelevant").

Edit: Thank you for the site though, the weekly digest is absolutely hilarious :D

> If people don't want to see my site with random trash inserted into it, they can choose not to access it through broken and/or compromised networks.

But isn't that often false, since in many places there are few choices of which ISP connects your home? Am I supposed to just move somewhere else?

For some reason I get stuck at the "security check" when clicking that n-gate link -- none of the buttons do anything, which might or might not be the point.

Granted, the site was interesting enough that I clicked around until I made my way back to the article you were linking to in the first place, but the link itself at least failed to fulfill its purpose :P

The n-gate person put this fake captcha to prevent people from accessing their site when hackernews is the referer.

Just paste the address in your address bar!

Note that the original redirect is a 301, so Chrome will keep redirecting you even if you paste the URL in a new window. Clear your cache or use incognito to avoid it.

Ha, that's kinda awesome given the general tone of that site. Hooray for well-executed tech-cynicism.

Okay that is extremely antisocial. I had no idea the site author did that. Live and learn I guess...