[DigitalNoumena]

So what you're saying is:

HTTPS is secure -> a bug made 2.6% of all certificates less secure -> that's why we shouldn't use HTTPS?

I'm quite confused how that holds logically. You can either argue HTTPS is fundamentally not secure or is irrelevant; or regret that there was a bug but support using HTTPS

[chrisjj]

Sorry, I should have used this better example: https://www.google.com/amp/s/techcrunch.com/2021/09/21/lets-...

[DigitalNoumena]

Fair enough, that doesn't sound great.

That being said:

> Devices likely to be affected by the certificate expiry are those that don’t get updated regularly, like embedded systems that are designed not to automatically update or smartphones running years-old software releases. Users running older versions of macOS 2016 and Windows XP (with Service Pack 3) are likely to face issues, along with clients dependent on OpenSSL 1.0.2 or earlier, and older PlayStations that haven’t been upgraded to newer firmware.

Still not convinced we can claim HTTPS should not be used in the general, or in this particular, case.

[chrisjj]

If priority is maximing viewability for this site, HTTP beats HTTPS.

[DigitalNoumena]

Why would that be the case? Every modern browser actively discourages visiting HTTP sites so I imagine a non-negligible amount of users decide not to visit the page.

[chrisjj]

That's a myth. E.g. latest Android Chrome here gives zero discouragement. As is proper.

[DigitalNoumena]

Haha fair enough but I think we digress. I did get the warning when I clicked.

The point is I see no evidence why HTTP is better for viewability than HTTPS. I showed there are cases where it’s not. You showed there are cases where it’s irrelevant. But the point remains… when is it worse and is it enough to sacrifice the security benefits?