Sunday, May 17, 2015 at 8:45 AM

Something doesn't smell right about the rush to "deprecate" HTTP

Google and Mozilla and others want force all non-HTTPS sites to become HTTPS.

And while the name HTTPS sounds a lot like HTTP, it's actually a lot more complex and fraught with problems. If what they want to do ever happens, much of the independent web will disappear.

  1. First, the problem as I understand it, is that some ISPs are gathering data about the content flowing through their routers, inserting ads and cookies and otherwise modifying content. I agree of course that this is a bad thing.

  2. Going to HTTPS does not get rid of all possible ways of snooping and modifying content. A toolbar, for example, hooking in after the content is decrypted, could change the content. Google tried to do this at one point in the evolution of the web. And even if you couldn't do it with a toolbar, Google and Mozilla both own popular browsers. They could modify content any time they want. HTTPS won't protect us against their snooping and interference. Why are we supposed to trust them more than an ISP? I don't actually trust them that much, btw.

  3. Key point: If you care about whether ISPs modify your content, you can move to HTTPS on your own. You don't need Mozilla or Google to force you to do it.

  4. It also depends on how much you care. Sure in a perfect world I'd want to stop all of it on all my content, but in that perfect world I would have infinite time to do all the work to convert all my websites. I don't have infinite time, and neither do you. I try to pick my battles more carefully. You can waste a lot of time doing something because it seems the right thing to do and end up accomplishing nothing.

  5. What I care about is that sufficiently motivated people will be able to find my archive in the future. I don't think the odds are actually very good, for a lot of reasons. This is just the newest.

  6. Given that a vast amount of content likely won't move, Google and Mozilla are contemplating far more vandalism to the web than any of the ISPs they're trying to short-circuit.

  7. Aren't there other less draconian methods to try first? How about making it illegal where it is not and working with government to enforce the laws? How about developing competition that doesn't do it, so everyone has a choice? That's the way Google is changing how ISPs work in the US. Why not elsewhere? How about developing a kind of encryption that does not require websites to do anything? I don't know if it's possible, but I haven't heard any discussion of that.

  8. Couldn't you use a VPN to tunnel through the nasty ISPs?

  9. This is why we need to overthrow the tech industry as a governing body. It's run by people who shoot first and ask questions later. This is an awful way to be having this discussion, after the decision is made, without any recourse? This is the best argument for taking this power away from the plutocrats in tech.


Last built: Mon, Aug 24, 2015 at 9:06 AM

By Dave Winer, Sunday, May 17, 2015 at 8:45 AM. All baking done on premises.