by nunez
1308 days ago
this is exactly what's happening and it can be concerning, but from reading the http/3 spec, i think the changes make a lot of sense. http/3 is multiplex by default, which lends itself much better to RPC (love it or hate it), and is designed to perform much better over choppy network connections (cellular). also there is really no good reason to not be on https these days. first, chrome uses system certificate trust stores, and OSes still ship with a healthy set of root CAs. second, LE is only popular because creating certs with literally anyone else (except the cloud providers) is expensive and a huge pain in the ass...but you can still get your own shiny cert issued by DigiCert or whomever. third, every web server has made enabling https on vhosts really easy and almost all servers run on CPUs which do hw-accelerated crypto, so performance hits are negligible these days. fourth, i would personally much rather get an SSL warning when the site I'm visiting isn't who they say they are than get a site that's modified in transit silently without me knowing. the only things i use http for these days are super simple local dev sites or my dummy page for detecting captive portals. the change that really worries me is chrome going all in on neutering adblockers through manifest v3. that feels hugely anti-consumer to me.

The only situations where HTTP has reason to be removed entirely are government/corporate/institutional sites with a genuine risk of MITM attacks on login/etc. processes. For normal websites (i.e., not web applications with accounts) created by humans this makes about as much sense as wearing a bulletproof vest while on the phone; yeah, you're more secure but... it's not actually helping.