|
|
|
|
|
|
by eropple
1718 days ago
|
|
|
It protects visitors on compromised networks--and that includes things like ad injectors at coffee shops that might push nasty code to them, not just people dealing with oppressive regimes and so on. It also provides some benefit around "well, that page is HTTPS, so it's more interesting"--if every page is HTTPS, the signaling value of switching to HTTPS is destroyed, and that is a good thing. HTTPS everywhere is a positive, and it is a good thing to do. |
|
|
What is/was common is internet providers' interest in making money on personal behavioral data in the traffic they transfer. DPI boxes to passively gather statistics or actively inject ads (and even rewrite existing ads) have been offered and tested since the 2000s across the world. Scale of big ISPs would make them Google's (&Co) competitors on personal behavioral data market, and mobile ISPs would combine it with location data, too. Moreover, they would be able to use Google's own tracking cookies to track individual users instead of inventing the classification systems (either by observing them in clear text, or by injecting scripts). The security and income of web services is the real reason for the global “HTTP is deprecated, switch to HTTPS” campaign, not you and your “privacy”.