Some of the simplest sites around are plain text or text and images. Why do I need SSL or TLS to view either of these?
I am very aware that anything authenticated should be carried over an encrypted connection - I'm not arguing against that. I'm saying there are use-cases that do not require it.
Again, why does it matter if you or Barack Obama or Kimg Jung Un knows that I like looking at Captain Picard meme pictures? How can you tell me that REQUIRES an encrypted connection?
You know what might actually make some fucking sense. Enforce SSL/TLS where it is needed - disable HTTP Auth, Cookies, Location Services, Local Storage, etc over plain HTTP connections.
Some of the simplest sites around are plain text or text and images. Why do I need SSL or TLS to view either of these?
I am very aware that anything authenticated should be carried over an encrypted connection - I'm not arguing against that. I'm saying there are use-cases that do not require it.