by zamnos 1146 days ago
Because it's a security liability not to have it enabled, so if he's going to complain about others' security problems, the least he could do is put his metaphorical pants on first. He could be forgiven for not having it locked down to a few specialist ciphers he personally believes are resilient to attack, but to not even have it enabled is on the level of not putting your pants on before leaving the house.
2 comments

I have not understood the need to force SSL on content that needs no verification.
Yes and no. It's more like flossing than wearing a seatbelt. The html tags won't fall out if you use http:// over port 80. It's not nice to end users in that it permits eavesdropping and content modification of website traffic in the clear by anyone in the network path. The assumption of http:// is that "pamphlets for the public" don't require privacy, confidentiality, and nonrepudiation for other users such as downloading software sources &| binaries or exchanging secret PII. The post-Snowden/-PRISM world opted to deploy https:// ubiquitously as both a virtue signal and technical defense to various problems inherent to using port 80.
Why does it not need verification? 3rd parties can a) replace the real content with lies, or more likely, b) inject it with 3rd-party ads. (this is not theoretical! *) c) inject crypto-mining/other malicious javascript into it. Outside of that though, d) Other people can see what you're looking at. Even if you don't take privacy seriously, you can at least understand that some people do, and would like their viewing habits to remain private.

* https://www.thesslstore.com/blog/third-party-content-injecti...

My letterbox can be a) trivially broken into, b) knocked over as it isn't concreted, c) stuffed with dog poo.

These risks however aren't a major concern for me, and people who choose to send me mail don't assume security or deliverability.

Have you seen John Gilmore's website?
John Gilmore's done more for the Internet than I ever could. I'm sure he's got a deeply philosophical, if not cogent, reason for why http://www.toad.com/gnu/ is served over HTTP, but more than that, he's John Gilmore and his work speaks for itself. Dick Morrell, aka CloudGuy, has no such chops. He's name-dropped three unrelated government agencies and a car maker as a reason that his (dubious) claims should be respected, but, well, he's no John Gilmore.
I don't presume to characterize or compare the reputations of people I don't know personally, so wouldn't it be a bit arrogant to do such?