[kyleee]

Let's hear more about your threat model that causes you to wory about nefarious content being injected into a blog post about comments in code

[Gh0stRAT]

Not OP, but residential ISPs were caught injecting ads into HTTP sites at least as early as 2014. [0]

I certainly wouldn't trust Comcast to keep malicious ads out of their ad network, either.

[0] https://www.techdirt.com/articles/20140908/07191228453/comca...

[sinsterizme]

How about not opening the gates for third parties to inject ads, trackers and crypto miners

[cpach]

I agree that in this case (reading an article) HTTP is not a huge threat. But in 2021 I consider HTTPS + HSTS to be a basic hygiene factor.

[brazzledazzle]

A bit snarky but I agree, it doesn’t seem like a huge threat. I’d love to be proven wrong though.