[bigstrat2003]

> It's completely unacceptable to continue using unencrypted protocols over the public internet.

That is nonsense. The reality is that most data simply is not sensitive, and there is no valid reason to encrypt it. I wouldn't use insecure FTP because credentials, but there's no good reason to encrypt your blog or something.

[immibis]

Didn't we already go through this 10 years ago and then Firesheep got created and thoroughly debunked it?

[homarp]

firesheep was built to demonstrate how Easy HTTP session hijacking was (was a Firefox extension)

on HN https://news.ycombinator.com/item?id=1827928

[ndsipa_pomu]

You're missing the opposite issue - people might not care about your data, but you might well care if their data (e.g. porn sites) was uploaded to your blog.

It's not so much about the data, but protecting your credentials for the server.

[lavela]

I'd argue that most people like knowing that what they receive is what the original server sent(and vice versa) but maybe you enjoy ads enough to prefer having your ISP put more of it on the websites you use?

Jokes aside https is as much about privacy as is is about reducing the chance you receive data that has been tampered. You shouldn't only not use FTP because credentials but also because embedded malware you didn't put there yourself.

[rixed]

I, for one, would like to see an ISP dedicated enough and tecnically able to inject ads in my FTP stream. :)

[SoftTalker]

Agree but also wonder if ISPs bother with this anymore, now that almost all websites are https.

[creatonez]

This is the usual horseshit people say about this topic when they don't understand it. It's not just about encryption, but authentication (tamper-resistance). Your blog might not contain sensitive information, but if the entire website is intercepted and becomes malware, you're in trouble.

The bad news with FTP in particular is that only one request has to be intercepted and recorded to have persistent compromise, because the credentials are just a username and password transmitted in clear.