Now I think I finally get why Google wants HTTPS everywhere.
- A lot of pages have Google code embedded in them.
- This code sends data back to Google.
- Suppose Comcast wanted to track users in addition to Google, or in place of Google.
- Now as the text of my page passes through their router, they simply modify the Google code, and leave the rest of the page alone.
- They wouldn't want to alert anyone to what they're doing, so they'd keep it as innocuous as possible. They probably would leave the Google code in, at least at first, so as to not arouse suspicion.
- They can do this because a lot of the sites that include Google code don't use HTTPS.
- This assumes Comcast can't crack the HTTPS. I have no info either way on that.
Disclaimer: I never wanted to have to understand this stuff.
More: They probably couldn't care less about pages that have no code in them.
Also: Of course it's not just Comcast. All the mobile providers. In Europe, Asia, everywhere. And it's Facebook too. They have a browser coming too.