
569 points todsacerdoti | 1 comments
imoreno No.42599386
I agree with most of this. If every website followed these, the web would be heaven (again)...

But why this one?

>I don't force you to use SSL/TLS to connect here. Use it if you want, but if you can't, hey, that's fine, too.

What is wrong with redirecting 80 to 443 in today's world?

Security-wise, I know that something innocuous like a personal blog is not very sensitive, so encrypting that traffic is not that important. But as a matter of security policy, why not just encrypt everything? Once upon a time you might have cared about the extra CPU load from TLS, but nowadays it seems trivial. Encrypting everything arguably helps protect the secure stuff too, as it widens the attacker's search space.

These days, browsers are moving towards treating HTTP as a bug and throwing up annoying propaganda warnings about it. Just redirecting seems like the less annoying option.

1. GuB-42 No.42605998
I think you missed the "Use it if you want" part.

Both Chrome and Firefox will get you to the HTTPS website even though the link starts with "http://", and it works, what more do you want?

You have to type "http://" explicitly, or use something that is not a typical browser to get the unencrypted HTTP version. And if that's what you are doing, that's probably what you want. There are plenty of reasons why, some you may not agree with, but the important part is that the website doesn't try to force you.

That's the entire point of this article, users and their browsers know what they are doing, just give them what they ask for, no more, no less.

I also have a personal opinion that SSL/TLS played a significant part in "what's wrong with the internet today". Essentially, it is the cornerstone of the commercial web, and the commercial web, as much as we love to criticize it, brought a lot of great things. But also a few not so great ones, and for a non-commercial website like this one, I think having the option of accessing it the old (unencrypted) way is a nice thing.