- From: Michael Martinez <michael.martinez@xenite.org>
- Date: Thu, 18 Dec 2014 10:01:09 -0500
- To: public-webappsec@w3.org
- Message-ID: <5492EC35.80706@xenite.org>
> On Wed, Dec 17, 2014 at 11:42 AM, Patrick Kolodziejczyk > <patrick.kolodziejczyk@viseo.com <mailto:patrick.kolodziejczyk@viseo.com?Subject=Re%3A%20Marking%20HTTP%20As%20Non-Secure&In-Reply-To=%3CCAPgoku0KTDycNXdv0N8c4%3DVPsmrgwKZSZ1KO--LEuU0oyP8Zrw%40mail.gmail.com%3E&References=%3CCAPgoku0KTDycNXdv0N8c4%3DVPsmrgwKZSZ1KO--LEuU0oyP8Zrw%40mail.gmail.com%3E>> wrote: > > Help people to know when they send private data and to who. > > That’s exactly why HTTPS is needed. Over HTTP there is no way of > knowing who you’re talking to. HTTPS is completely useless. Not only has it failed to prevent massive man-in-the-middle attacks against Google and other large "secure" service providers this year, it doesn't do anything to protect users' data from hacking. And why should a Website that doesn't require anyone to be logged in have to use HTTPS? You want every innocent blog to marked as "unsafe" just because it doesn't use HTTPS? That is completely stupid. The specifications for turning any smart phone into a rogue wifi hotspot have been loose on the Internet for a long time now. Every coffee shop and restaurant you walk into can be used as a front by anyone who wants to collect user login and password information by setting up a second connection point with a name that resembles the official in-house network. HTTPS can't stop that and making it more inconvenient for people to access the Web is not helping them in any way. Let Google's Chrome team hang themselves with stupidity. Other browser vendors do not and should not be following in the footsteps of this completely brainless agenda. -- Michael Martinez http://www.michael-martinez.com/ YOU CAN HELP OUR WOUNDED WARRIORS http://www.woundedwarriorproject.org/
Received on Thursday, 18 December 2014 16:25:23 UTC