[adamjc]

Does it matter? You're not giving the site any sensitive information.

[immibis]

Yes, it does. An MITM attacker can deliver malicious code to you which runs in the website context, and can exploit any bugs in your browser's javascript engine.

[philihp]

Sounds like you have a bigger problem if your browser isn't properly sandboxed.

[immibis]

ISPs previously did this. Not JS exploits, but they injected ads into HTTP web pages. Really popular ISPs, on the level of Comcast.

[nmilo]

Sounds like FUD

[mattigames]

Your ISP (or your router) can easily add their own JavaScript/HTML/ads on websites using http, it's likely that you are using a decent ISP that doesn't but is better if it's not even possible.

[wongarsu]

Public wifis are still a thing, many of them not well secured against Mitm attacks. Also compromised routers. So even if you trust your ISP (and their IT security and supply chain) there are still good reasons to want HTTPS everywhere

[lakomen]

Yes it does. You seem to be living under a rock too asking that question. Here, let me Google that for you:

https://www.google.com/search?q=why+use+https

How hard is it, now that we have had free certs via letsencrypt and the certbot tool to automate vhost configuration to have encrypted and signed data transfer?

It's a matter of 2 minutes to add.

What excuse do you have to not use https?

[adamjc]

I think you should re-evaluate how you speak to people online, it is unnecesarily hostile and I guarantee you wouldn't speak to me this way in real life.

[starshadowx2]

Highly recommended that you read the Hacker News guidelines linked at the bottom of the page, especially the "In Comments" section.

https://news.ycombinator.com/newsguidelines.html

[bassdigit]

OP doesn't owe you an excuse for offering content for free through a technology you disapprove of.

[shadowgovt]

I'm sure the lack of use of HTTPS is absolutely murdering Tom's viewcount.