W dniu 2022-01-10 o 15:33, Wietse Venema pisze:
There are many sites like this, that contain only publicly available
information. No login, no purchases, no personal data collected. What is the
benefit of using HTTTPS in that case? (Except of protecting you from
possible spying, but what will be the value of the data obtained for someone
spying on you, if the data is public already?)
The recent hype towards "all sites must be HTTPS" is in my opinion caused
solely by a wrong assumption that all websites are somehow commerce-related
and collect personal data.
I can think of many cases where information about which site you are
visiting is important, even if there is nothing private on those sites.
Last time I looked, DNS queries were not secret.
You can enable DoH in Chrome of FF. But DNS query itself is not as
sensitive as whole URL. And latter is encrypted.
Jaroslaw Rafa pointed that destination IP address is known to ISP - this
is the same as DNS query - not as sensitive as whole URL.
IMHO encryption (with some metadata leaking) is better than no
encryption at all.
--
Best regards,
Łukasz Wąsikowski
