[wizzwizz4]

Classic n-gate.

> > If we encrypt only secret content, then we automatically paint a target on those transmissions.

> None of those things are my problem.

> > [HTTPS] guarantees content integrity and the ability to detect tampering.

> The legions of browser programmers employed by Mozilla, Google, Apple, and Microsoft should do something about that. It's not my flaw to fix, because it's a problem with the clients.

I re-ordered the quotes a bit, but I'm reasonably confident I didn't misrepresent what he was trying to say. The counter-arguments after this are good, but the first couple of things are, imo, already sufficient to make HTTPS a very very important thing.

Though… I find myself wondering whether he's really all that wrong, after all.

> Users must keep themselves safe. Software can't ever do that for you. Users are on their own to ensure they use a quality web client, on a computer they're reasonably sure is well-maintained, over an internet connection that is not run by people who hate them.

> It's just software. It can't fix your society.

[solarkraft]

> Users must keep themselves safe. Software can't ever do that for you. Users are on their own to ensure they use a quality web client, on a computer they're reasonably sure is well-maintained, over an internet connection that is not run by people who hate them.

And not use insecure websites, I guess. I don't know how that person expects the browser to magically protect the user if their server transmits in plain text.

[marcellus23]

What's the point you're making with your first two quotes? Are they supposed to be self-evidently incorrect? If you're just serving static content, why should you care whether there are governments out there that may be inserting content into it?

And while "encrypting only sensitive content calls out that content as being sensitive" is certainly true theoretically, almost every site has HTTPS, sensitive or not, so in practice it's not a concern.