Does my site need HTTPS?

Find out if your site needs HTTPS.

(Hint: it does) why does this send me to a different domain that's in french and the "english" button does nothing?...

Security aside, google ranks sites with https higher than sites without all else being equal.

One genuine question, is there a point in doing that if the downloaded file will be immediately verified (with e.g. GPG or signify-openbsd)? It seems redundant to verify the connection when the result will be checked anyway (so it already can't be tampered with).

The public keys would obviously be shared over HTTPS.

If you are so scared of ads being injected into your favorite http website, don't visit it in compromised networks.

@ScottMortimer @sirjofri This site is mostly fine (I dislike the tone of these things; responding to people as though they’re dumb isn’t great), but disagree with "At least I can still serve my site over both HTTP and HTTPS." on both technical and philosophical grounds.

I’ll skip the philosophical, since this site wants to pretend it’s all objective. Technically: frequently unnecessary, makes debugging harder, makes sites less accessible; see Eric Meyer’s writeup:

@a @ScottMortimer @sirjofri Server-client architecture in general isn't great for local caching. Those with slow connections would probably benefit more from tech like NDN than from anything piled onto TCP/IP.
( )

@csepp @a @ScottMortimer well, in my plan 9 system I can have one central server that runs the webfs and does local caching. I can connect with many clients, mount that webfs and use that. Technically all browsers are the same client on the same machine. Of course privacy is a different story then, but the browser doesn't need to know about encryption at all

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.