Comment by brewmarche
5 hours ago
Without HTTPS someone could alter the content, spread false information, inject ads, malware, and other stuff, redirect to some other site, …
(This is a general remark, but it goes for a blog post like this as well.)
It's still a weak argument since it's extremely rare in practice that's why I suggested blaming the ISP instead since ISP's are the ones that have historically tampered with http content.
Attacks in general are all rare in practice in the grand scheme of the internet. So?
Yes, that's why you present a better argument, that's the entire conversation.
The site owners could do all of that even with HTTPS, and no-one would revoke their certs. Just saying.
And the best Windows malware is actually digitally signed.