Why is this site not encrypted?

[fsflover]

Which setup are you using where you require HTTP and cannot use HTTPS? The mere existence of HTTP endangers users who do not know about its problems, because many links are posted in HTTP version and they just click them.

[KC9UDX]

I use many such setups. But it's not just about me. It's about anyone who can't or doesn't want to. I don't blindly click links and neither should anyone else. If they do this in HTTP, they're going to fall for the ad scams in HTTPS too. I find it hard to feel sorry for people like that. They do this in other areas of life too, I suspect.

[fsflover]

I use many such setups.  But it's not just about me.  It's about anyone who can't or doesn't want to.  I don't blindly click links and neither should anyone else.  If they do this in HTTP, they're going to fall for the ad scams in HTTPS too.  I find it hard to feel sorry for people like that.  They do this in other areas of life too, I suspect.

This sounds just like the story about COVID masks. I don't want to wear a mask and I don't care about the others. Let them die if they are not careful.

> If they do this in HTTP, they're going to fall for the ad scams in HTTPS too.
https://en.wikipedia.org/wiki/Defense_in...computing)

And you did not actually answer my question. I honestly have no idea which setup cannot be upgraded to HTTPS without any noticeable downside.

[User 18618]

Not sure which modern browser you used... I was able to easily access the forum via http and https via the current versions of Firefox and Chrome:

Can't replicate on clean instances of Firefox ESR 78 or Chromium 83, using the corresponding Debian stable binary packages.

As the aimless arguing in this thread continues, I'll invoke Bruce Schneier's stance on encryption. Encryption and HTTPS are important; HTTP is blackballed by Mozilla and Google for good reason.

[KC9UDX]

I use many such setups.  But it's not just about me.  It's about anyone who can't or doesn't want to.  I don't blindly click links and neither should anyone else.  If they do this in HTTP, they're going to fall for the ad scams in HTTPS too.  I find it hard to feel sorry for people like that.  They do this in other areas of life too, I suspect.

This sounds just like the story about COVID masks. I don't want to wear a mask and I don't care about the others. Let them die if they are not careful.

> If they do this in HTTP, they're going to fall for the ad scams in HTTPS too.
https://en.wikipedia.org/wiki/Defense_in...computing)

And you did not actually answer my question. I honestly have no idea which setup cannot be upgraded to HTTPS without any noticeable downside.

Please don't even being up the dampanic.

I use an Amiga 2000 on this site from time to time.  HTTPS hasn't worked on that in years.  No doubt you'll say I'm stupid for not just throwing that in the tip and getting some modern computer with 500x the processing capability and 500x the memory.  Until recently, my internet connection was a "2G" cellular signal with a 500Mb monthly limit.  If you can't see the HTTP is an advantage there, I can't help you.  Again this isn't just me being silly.  I know plenty of other people who still live in places where the best you can get is still that and not cheap.

To say that it's not the user's responsibility to use their computer responsibly, is a very unfortunate shift in our culture in recent years.  Everyone seems to feel entitled to have unspecified willfully disadvantaged people protected by everyone else but the person who feels that way.  Really, if it bothers you that other people might put themselves at risk, just consider yourself lucky that you have so many friends with similar outlooks.  The world is a really nasty place.  Thousands of people die of being exposed to it every day.

[marcih]

I actually found that the site (namely the forum reputation "Rate" button) doesn't work properly when browsing via plain HTTP. Still, I welcome the ability to browse and post without JS and HTTPS, even though I use both 99% of the time.

[BronzeBeard]

jed and fsflover,

Bullet point arguments in favor of allowing HTTP are included in post #11, if you care to read the entire thread before rehashing the same arguments others have already made. Rebuttles to common cited reasons for removing HTTP from everywhere is in post #13.


In short, it's the user's responsibility to use HTTPS. If the user is too stupid to do that, then it's Firefox and Chrome's fault. Websites shouldn't be redirecting your protocol. Your browser should check if HTTPS exists and default to that. Sadly, the popular browsers require a plugin for that functionality.

Content providers should provide their content in any reasonable format they deem cost effective. In HTTP and HTTPS' case, there isn't any administrative costs. Refer to post #11 for reasons why HTTP is still a valid choice for some users.

[User 18618]

Anti-HTTPS rhetoric is irrelevant to the thread, not to mention poor security and OpSec practice.

I hope the OP can reach a resolution, this thread's gone off the deep end.

[evilbunny]

This thread is now closed.