On Sat, 15 Apr 2023 11:00:52 -0400
<pa...@quillandmouse.com> wrote:
> Okay. Let's open this can of worms. The ONLY reason https is used on
> most sites is because Google *mandated* it years ago. ("Mandate" means
> we'll downgrade your search ranking if you don't use https.) There is
> otherwise no earthly reason to have an encrypted connection to a web
> server unless there is some exchange of private information between
> you and the server.
I disagree. If everyone only encrypted the traffic they wanted kept
private, the bad guys would know that decrypting a stream would yield
sensitive information. If we all encrypt a lot of our traffic,
sensitive and otherwise, we reduce the advantage of cracking encrypted
traffic.
There is no such thing as absolute security. There is only relative
security. The object, then, is to make yourself more secure than other
people. The bad guys will leave you alone and go after easier pickings.
Of course, the easier pickings should wise up and up their game as
well, leading to a nice virtuous spiral.
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
