Comment by foresto

16 hours ago

I can understand this in in certain contexts, such as a site that exists solely to post public information of no value to an attacker.

A local volunteer group that posts their event schedule to the web were compelled to take on the burden of https just to keep their site from being labeled as a potential threat. They don't have an IT department. They aren't tech people. The change multiplied the hassles of maintaining their site. To them, it is all additional cost with no practical benefit over what they had before.

7 comments

foresto

Reply
charcircuit  15 hours ago

This is why more and more organizations get away with only having social media pages where they don't have to worry about security or other technical issues.

  • foresto  15 hours ago

    Unfortunately, placing the information on a social media page burdens the people seeking it with either submitting to the social media site's policies and practices, or else not having access to it. This is not a good substitute.

    It also contributes to the centralization of the web, placing more information under the control of large gatekeepers, and as a side effect, giving those gatekeepers even more influence.

    • charcircuit  13 hours ago

      Most social media are free and easy to sign up for taking under a minute to do and have user bases that can be measured in the billions. Most people in the world are willing to follow the rules.

      Most people don't use social media via the web. They use it via dedicated apps. I think it's natural that people who don't want to deal with the tech side of things will outsource it to someone else. The idea that everyone will host their own tech is unrealistic.

      2 replies →

cortesoft  14 hours ago

The work and technical expertise to setup let's encrypt is less than the work to register a domain, set up a web server, and configure DNS to point to it.

  • foresto  13 hours ago

    You seem to have missed what I wrote in the first place: They aren't tech people.

    It is additional work, and requires additional knowledge.

    It was also not available from most of the free web hosts that sites like these used before the https push. So investigating alternatives and migrating were required. In other words, still more work.