It really isn't. Been serving my personal site as HTTPS since 2014, free with @letsencrypt. All sorts of rather dodgy operators have been attempting to manipulate non-secure HTTP connections.
Comcast: https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/ …
Verizon:https://arstechnica.com/information-technology/2014/10/verizon-wireless-injects-identifiers-link-its-users-to-web-requests/ …
2015: HTTPS is expensive security theater.http://scripting.com/liveblog/users/davewiner/2015/12/18/0667.html …
-
-
-
Do you mind if I don't implement https on my sites?
-
I’d prefer it if you did: it protects me, and other readers, from being MITM attacked by malicious parties. But you do you.
-
It's a huge job.
-
you're on plain S3 right? I bet you could do it in under 10 minutes, maybe 5. just turn off custom domains on S3, so you serve on https://<bucket>.s3.amazonaws.com, and throw Cloudflare in front of it. or you could just start using CloudFront. 52.216.21.114
-
Lol I've no idea where that IP comes from, presumably I meant to paste a link to the docs but I can't remember now
End of conversation
New conversation -
-
-
One good reason to use https is that (in the uk) ISPs screw http. Vodafone doesnt (last time i tried) allow HEAD requests. Breaks internet.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.