Why is this meme being pushed so hard?

It's good for privacy, http only can be intercepted and changed easily, many ISPs made tons of money by just injecting ads in plain html, any 14 yo kid can hack your login page for example in any public wifi

Governments can't know what you're writing or reading, they just can know the domains you're visiting, nothing more than that

It's 2017, https computation overhead is insignificant, you can get it for free using letsencrypt

Google especially is pushing for it to hurt ISPs so they can't make use of any data collection so they can enter the internet providing business easily

Do you still use Telnet?

Lower your hand, Mr Consumer Router, you're not a good example to anyone.

No?

Exactly.

Legacy cleartext HTTP support will be removed in Chrome and Mozilla in around 2020 going on current t schedule.

I just lament that it took this many iterations of SSL/TLS (1.3 strongly recommended if possible) and that we couldn't have sorted this all out with pinned opportunistic IPsec back in the day; alas, NSA.

wildcard certificates should be cheaper
fuckin ca jews

>Do you still use Telnet?
Various MUDs are telnet exclusive and there are still some cool websites that are avaiable for telnet.

Letsencrypt is getting wildcard certificates this january, HTTP goes extinct in 2018
letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

>bying into the certificate jew
SSL certificates were mistake

>cute little "not technically a pop-up"
>"We use COOKIES to provide our users with the best blah blah blah" OK? Everyone loves Cookies! :^)
>proceeds to also silently do all manner of shady js adware shit and use your browser to mine memecoins

not a meme
nice try nsa psyop nigger

Lets encrypt will take the power away from the current CA authorities

>meme
Kill yourself my dude

why do you dumbfucks post the stupidest threads ever?

Some of those MUDs have TLS'd telnet though.
t. someone who plays on multiple

>and that we couldn't have sorted this all out with pinned opportunistic IPsec back in the day
what was the deal with IPsec btw? I've only heard about it in my security class but I have no further context. Is it still around?

Just lost 6 IQ points reading this post. Thanks.

ssl is the shit

because WPA is shit

Oh the fun we used to have before it was common place
>user why are all the pictures on my computer now frogs
>user how do you have my new myspace password I just changed it
>user why don't you have any friends

>stealing your mates runescape passwords with ettercap
those were the days

Is there an alternative for https everywhere on palemoon

...

>with https, the attacker first needs to get the SSL encryption keys, which may not be impossible
Can you explain? I always thought https was impenetrable unless you have some local malware

There's always chance.

>sniffin the handshake
I don't understand http secure

For example, the NSA sends a website a NSL to get their SSL key, then they can snoop/modify traffic however they wish.

You have to be retarded to share any sensitive information over the internet regardless of protocol, you should always assume someone can read it.

If you want actual secrecy your only option is IRL meetings and exchanging one-time-pad keys.

YESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
FILTHY GOY!

Httpssssssss is the devil! It's inefficient! It adds precssssssious milliseconds to each and every requessssssst!
Sssssend your bank data over the internet unencrypted! HEHEHEH!

you have to be retarded to think this is a viable way of life in 2017
have you never applied for a job or bought something online?

when https is secure why would you need tan then, huh?!

Checkmate, bad goyim.

Just ssssend a long passsssssword! HEHEHEH!
Oy vey...

>Legacy cleartext HTTP support will be removed in Chrome and Mozilla in around 2020 going on current t schedule.
What I don't understand is why they haven't done this many years ago.
They wouldn't have to remove support for http, they should just change the icon so it is more visible when you use http.
When you visit a site with a self signed cert, there is a huge popup warning you that you might not visit the genuine site.
The same thing should happen when you visit a http site. (as this is not signed either).
It should have been that way 5 years ago, if we had any organizations fighting for freedom online they would probably addressed this.

>Governments can't know what you're writing or reading, they just can know the domains you're visiting, nothing more than that

...

> porntube.xxx/video/watch/159193019/hot-teen-anal-gangbang-pussy-horse-cock-enema-bdsm

>ISP guy monitoring your traffic: "hmm I wonder what user's watching, too bad all the data between the server and him is sent using a ((((secure connection)))) and I can only see the address!"

t. NSA

How is encrypting the data you transfer over the internet a meme?
retard
this

...

Well, yes, it is, a, meme

That's not how it works, https also encrypt the request url. The only thing the provider will see is porntube.xxx, so have fun with your horse cocks

>using your ISP for DNS
>not using a VPN

ya'll cowards dont even use http

Learn to read, idiot
>they just can know the domains you're visiting
>THE DOMAIN
>NOT THE FULL URL

I didn't know that actually.

Maybe you shouldn't talk out your ass then you fucking idiot.

I'm not him.

Please don't bully me.

http stands for hyper text transfer protocol
But https stands for HTTP over Transport Layer Security.
Recursive acronyms FTW!
>Really greens my pepper.

All you dipshits that think a traditional CA is "free" to operate should read rfc2527.

Specifically the part about "Physical, Procedural, and Personnel Security Controls" involved with keeping the private keys safe.

>inb4 it's written by CAs

You should also read the security control guidelines for apple, ms, mozilla, and google certificate stores.

It's not like you can just throw the private CA keys on a server and they're safe. There are serious security controls that need to be implemented. For a good fucking reason. That's how we derive trust. That's not free.

Let's encrypt security controls and administration is funded by donations and efforts mainly made by the linux foundation. VOLUNTEERS. This means that private companies in this business aren't about to stop charging for keeping private keys and say "Hey, let's just pay our employees to maintain the security controls this incredibly sensitive service we run.. Without charging our customers!"

>have you never applied for a job or bought something online?

there is nothing wrong with a proper job application.

In terms of buying things online, you can wire the money and you can cancel most purchases when there was fraud.

Further reading
cabforum.org/members/
cabforum.org/about-us/
cabforum.org/wp-content/uploads/CABForum_Network_Security_Controls_v.1.1.pdf