[chaxor]

TLS doesn't matter / isn't needed here right? The IP address is still in the header from what I understand. So the only thing https can hide is the content, such as a credit card or password that you enter into the site. The fact that it's a plaintext website that doesn't change means that the exact same information is encoded in simply giving the IP address as there is in knowing that someone looked around the site - because there's nothing else to do? I would like to learn more about how I am wrong, if I am wrong.

[cesarb]

> So the only thing https can hide is the content, such as a credit card or password that you enter into the site.

TLS is not only for hiding the content, it's also for authentication: it ensures that no malicious middle party can modify the content, for instance to inject malicious Javascript (for an example of this happening, read about the "Great Cannon" attack on GitHub).

[candreasen]

It also hides what URLs you visited. Depending how the hosting is implemented, just being able to see the IP, or even the domain name, wouldn't show what you were doing, but if it's in plaintext, they can see exactly what pages were visited and files downloaded