[the8472]

Criminals are much less likely to engage in MITM attacks, besides TLAs it's usually shady ISPs who want to inject some content (similar to surveillance that could be made illegal too, ISPs would in fact care). And criminals also have little incentive to attack read-only sites. Even if they did it might be more efficient to allocate resources to law enforcement rather than securing everything that could theoretically be attacked by criminals.

[emteycz]

They're not attacking the sites, they're attacking the users. Incentives are exactly the same with readonly sites.

I'm a web programmer and I have no idea how the law enforcement could in any way help. Nor do I want them to. The idea that I have to cooperate with law enforcement to put a site online is absurd.

See "Tech support scams" on YouTube to see what's being done today. We're talking about billion-dollar crime organizations.

[pixl97]

Another one for the list of attacking users....

You're updating the firmware on a server. The firmware is signed, so the attacker cannot outright put their own firmware on your system. The version you're using currently is secure, and the version you want to go to is secure, but there are versions in between that are insecure. All an attacker needs to do is modify the DNS and http stream to feed the firmware with an RCE to you, and then they can directly take over your server.

[rapind]

Wordpress begs to differ. There are tons of examples of malicious JS on read only sites. Doesn’t have to be MitM. Usually it’s to generate ad views on another site, but can be more nefarious.

[ziddoap]

>Criminals are much less likely to engage in MITM attacks

Can you provide a source, or even just reasoning, to why this would be true? In my experience, MiTM is a common enough attack vector used by criminals.