(vivaldi.com)

756 points dagurp | 1 comments | 26 Jul 23 11:30 UTC | HN request time: 0s | source

Show context

swayvil ◴[26 Jul 23 18:56 UTC] No.36883023[source]▶

>>36875940 (OP) #

Why does everything need to be secure now?

I can understand shopping. And reporters of hot news. But why everything?

Why does my http site, which has nothing important on it at all, get flagged by chrome as "insecure"?

This strikes me as a bunch of bs.

replies(4): >>36883301 #>>36885631 #>>36886011 #>>36886406 #

1. Vecr ◴[26 Jul 23 22:22 UTC] No.36886011[source]▶

>>36883023 #

It's insecure because someone on path (or actually off-path but harder) could replace the contents of your website with whatever they want, including taking payments "on your behalf" and then just pocketing them. The main original point of HTTPS, and why I assume it does not use starttls or similar, is so people in the late 1990s and early 2000s could figure out what websites they were allowed to put their credit card numbers into.

↑

Unpacking Google’s Web Environment Integrity specification