>> Now, personally I don't feel this is a threat model that I need to
>> worry about. I just use plain old http sources at home, and if
>> "They" learn that I've downloaded rxvt-unicode and mutt, well, good
>> for Them.
> My understanding is that mandating HTTPS for all connections is supposed
> to make it so that those who might be watching can't treat the choice by
> the user to connect via HTTPS as a sign that the user has something to
> hide, and therefore is worth observing more closely.
My understanding is that the effect has been (in intelligence agencies
around the world) to push the development of attacks/tools that target
the ends of the connections rather than trying to spy on the
connections themselves.
Stefan
