W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Chris Palmer <palmer@google.com>
Date: Fri, 19 Dec 2014 14:49:35 -0800
Message-ID: <CAOuvq20UdzcWAAgwM-R2XT0tU8s+VUAoQz001kR72v46VNN6uw@mail.gmail.com>
To: David Singer <singer@apple.com>
Cc: Nicholas Doty <npdoty@berkeley.edu>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On Fri, Dec 19, 2014 at 2:40 PM, David Singer <singer@apple.com> wrote:

> Yes, for the site owner, HTTPS appears to have major costs (caching and
so on, making sure certs are correct etc.) and little or no benefit (the
benefits seem to be for the users). If this is what site operators
perceive, we’ll need to address it head-on if we want change.

Benefits for site operators include:

* Having a privacy policy that might possibly be meaningful
* Having a chance at being PCI compliant, so they can collect payment
* Defense against having their ads replaced, which hurts ad-based
* Defense against having their UX damaged or mangled by intermediaries
* Defending their users against pervasive passive surveillance
* The ability to invoke powerful new web platform features
* The ability to deploy HTTP/2 to realize performance gains

Those are all real-world, non-theoretical problems that real site operators
really face.

See also:

RFC 7258: Pervasive Monitoring Is an Attack

NSA uses Google cookies to pinpoint targets for hacking

Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine

How bad is it to replace adSense code id to ISP's adSense ID on free

Comcast Wi-Fi serving self-promotional ads via JavaScript injection
Received on Friday, 19 December 2014 22:50:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC