• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Life is about to get harder for sites without https

 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I read this recently. The ranch uses https so we are good. I'm wondering if this is a good idea. Does everything really need to be https? If I'm checking the weather is that a secret?

Also, some sites have cert troubles as browsers upgrade or certs expire. So I'm wondering if this will mean more broken sites.

Life is about to get harder for sites without https
 
Saloon Keeper
Posts: 7582
176
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
(Jeanne, I took the liberty of changing "with" to "without" so as not to confuse people :-)

If I'm checking the weather is that a secret?


People have different levels of perceived privacy and security needs. You may not mind, but someone else may not want other people to know for which cities she checks the weather. And in the ever more numerous public WLANs it's easy for other people to snoop on unencrypted traffic. Given how easy it is these days to set up HTTPS, and how little overhead it actually creates, I think this is a good path to take.
 
Marshal
Posts: 4491
572
VSCode Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jeanne Boyarsky wrote:... Does everything really need to be https? If I'm checking the weather is that a secret?


I think it is less about privacy and more about ensuring that the integrity of the site's content, that it has not been altered en-route or had malware injected through a MITM attack, and as a protection against interacting with a rogue site after being directed there by DNS hijacking or some other means.
 
reply
    Bookmark Topic Watch Topic
  • New Topic