On Fri, Dec 19, 2014 at 2:40 PM, David Singer <singer@apple.com> wrote: > Yes, for the site owner, HTTPS appears to have major costs (caching and so on, making sure certs are correct etc.) and little or no benefit (the benefits seem to be for the users). If this is what site operators perceive, we’ll need to address it head-on if we want change. Benefits for site operators include: * Having a privacy policy that might possibly be meaningful * Having a chance at being PCI compliant, so they can collect payment * Defense against having their ads replaced, which hurts ad-based monetization * Defense against having their UX damaged or mangled by intermediaries * Defending their users against pervasive passive surveillance * The ability to invoke powerful new web platform features * The ability to deploy HTTP/2 to realize performance gains Those are all real-world, non-theoretical problems that real site operators really face. See also: RFC 7258: Pervasive Monitoring Is an Attack <https://tools.ietf.org/html/rfc7258> NSA uses Google cookies to pinpoint targets for hacking <http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/> Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine <http://www.wired.com/2014/10/verizons-perma-cookie/> How bad is it to replace adSense code id to ISP's adSense ID on free Internet? <http://stackoverflow.com/questions/25438910/how-bad-is-it-to-replace-adsense-code-id-to-isps-adsense-id-on-free-internet> Comcast Wi-Fi serving self-promotional ads via JavaScript injection <http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/>Received on Friday, 19 December 2014 22:50:02 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC