Hacker News

> Free domain-validated fully automated HTTPS cert distribution wasn't a thing, and now it is.

Free compulsory ...



It is not compulsory. The browser may warn about lack of HTTPS, but that's about it.

And I won't visit such an HTTP-only site since it indicates the site owner does not care to protect my (meta)data, but they probably don't want my clicks.


And would you think this way if they didn't spam the "accept the risk and continue" scareware?

Why is it phrased as the risk is coming from the web site, when the risk actually comes from the backbone and whoever is able to intercept your communications?


(paraphrasing from memory because it's a while since I've seen it)

> Your connection is insecure. Information you send could be intercepted by attackers. Accept the risk and continue?

Explains the problem in simple terms. Calls out the website for being lazy and careless. Gives you the option to proceed if you don't care.

Why is this scareware and how would you word it?



