by MyDogHasFleas 4399 days ago
I don't know why you're bothering with SSL at all. Your use case is that your site is informational, it's intended to be open to anyone, there is no personal/customer information on it, and there's no authentication (everyone is anonymous).

All adding HTTPS support will do is make it marginally harder for someone to spoof your site.

And why is NSA surveillance a concern? Your site is wide open for anyone to see, with or without HTTPS.

2 comments

By sending data in plain text, your users are revealing their intent to retrieve the content hosted on the site, even though that content is public.

That in itself may be considered a breach of privacy, as it exposes your users to passive capture and profiling.

Also, accessing the content you are hosting might be considered legal in some countries but illegal in others, regardless of whether it is public or not.

Good points, but I would argue that HTTPS provides little protection against this kind of access tracking.

Even if the site is HTTPS protected, a surveillance actor on the net would still be able to read the entire site, maybe to determine if the site has content worthy of tracking those who access it.

And, surveillance would still reveal that your IP address is accessing the site, and thus triggering something.

What HTTPS would protect is the specific URL path you are going after on the site, because that's in the HTTP GET which is part of the encrypted data traffic.

I guess you could say that maybe the site has some pages that are more sensitive than others, and revealing the exact URL paths you are accessing might set off a surveillance trigger that would otherwise not be noticed. But, the site in question is probably not like that.

DNS and IP are not encrypted by TLS, right? So passive monitoring will see traffic to that site even if the specifics of each packet are encrypted.

If visits alone are problematic, it seems to me that the only possible solution is Tor.

If only "important" traffic is https, then that narrows the search for them quite a bit, doesn't it?