So, have you all got your HTTPS protocols in order yet? Aren't you existed about the future?

Sincerely, Google

Why would you not want https?

In case you haven't caught up somehow: http://this.how/googleAndHttp/

As a member of the internet for longer than Google, I agree.

If you don't agree, why the fuck not? (valid answer is not already argued by Dave in the FAQ).

@towmeykaw the timing. Just posted the answer. The question isn't why you wouldn't want it, it's why you think it's ok to have it forced upon you. It would be OK of there was a law that demanded it, and you therefore of course didn't have to pay extra for it (like even a good percent of people who rent a web server and slaps up a blog or whatever has any clue) - and/or it is going to become ncluded automatically by the host - due to a fucking law.

@fuck2code what the.. I can't go there from here, but in my browser.

Follow the FAQ link in the first sentences here then (and it WILL work for you too) http://scripting.com/2018/06/...

Just to show its working if you don't want to click for some reason. The link is the world's first blog. It's safe.

Here is a view from the other side of the argument. https://troyhunt.com/life-is-about-...

@towmeykaw yeah, that didn't score many points in comparison. It didn't touch any other subject than "it's dangerous and you should RUN FOR YOUR LIFE". Did you even read what I linked and the MAJOR concerns about the future of the internet? Or did you just choose to ignore them?

And of course: what's the odds, anyways? Do they REALLY motivate breaking the internet? Or at least draining the pool of creative minds pretty hard.

By draining the internet you mean all the people to lazy to get a free cert and sites that are basically abandoned by the creator? And what makes you think Google are the only ones who are doing this. Mozilla and Safari will probably follow soon. And http will still work. It's just a warning.

@towmeykaw so, if Google jumps off a bridge, then Mozilla does it, will you follow? It's a safety risk being alive you know..

Google started it. I'm not interested in discussing who they duped.

And honestly, are you a webdev? Did you come from somewhere else than a degree in the field? How can you sit there and talk such shit about people starting out, minimizing it to 'being lazy' - like that's the issue in a topic that's already hard to start out in. Most places teach you to type some code, but when it comes to the whre and how to use it, it can be real tedious just to get that answer as a newbie. So you lose practical application. Motivating.

Oh, and yes, access will be blocked entirely. Not just a warning. At least that's what Google explicitly said themselves when I followed up on a security warning from Google themselves in inspect element console two months ago. Do you have a source where they claim to go back on that promise?

Did you see the banner on the page you linked? Did you read the article? It's clearly an ad to sell licences.

"Oh what a shock! The number of people who bought it went up after the warning! It must mean they're real bright people who sees the benefit. Just like that guy at that bodega last week that saw the argument about protection from the streets."

That you're not even reacting to the fact that it's the only possible solution they present as a cause of the stats is brilliant.

I don't think we will be going any further. May I suggest using Internet Explorer. That way you are safe from updates 👍

@towmeykaw cleary. Amazing that you even bothered to answer at all if you weren't going to bother reading. Something you obviously didn't do if you're making this about me and missing the point in neon caps flashing about the macro perspective here and what's really driven innovation on the web for all of its existence.

Nothing in this world evolves from locking ourselves inside of bunkers with fort knox protocols. That's just a fact of life.

Could you link somewhere saying http will be depricated? I would love to read it. @Skriptkiddy

@towmeykaw weren't you done?

Title: "Deprecating Non-Secure HTTP"

First sentence: "Today we are announcing our intent to phase out non-secure HTTP."

https://blog.mozilla.org/security/...

Search engines get results. Test it.

..and again, you haven't touched a single point other than the security issue, or what will happen to the shitload of web that will be lost on the world. Even if it will not be entirely deprecated and that's not what they are aiming at (they just want to show a bunch of warnings forever, right?) - you still have the "THIS SITE IS A FUCKING SCAM" written over 90% of the web in a few days from now. Do you think the average 99.8% of the users on web are going to think "Ahh, I could win the lotto a few times over faster than being a victim here" or do you think they are going to think "Oh fuck! Glad I didn't go there. I sure know to stay away from here in the future"?

Yeah, you're right, there is no point in continuing this.

I have a side web project and went for https - Let's Encrypt doesn't cost a thing. Also, I offer https only by redirecting http to https.

I'm happy that Google kicked lazy/dumb webmasters in the butt to get their shit together. That's second only to Steve Jobs who killed the Flash plague.

Sorry I looked for something from Google and not Mozilla. My bad. Also
"It should be noted that this plan still allows for usage of the “http” URI scheme in legacy content." @Skriptkiddy

@Fast-Nop well I'm still not discussing corporate sites. Thought that's was obvious by now. If you want to discuss the path this thread is taking, how about showing some netiquette and start a rant about how good that one single aspect in this whole mess is instead of changing the topic of mine?

@towmeykaw meaning every site without form fields from what I've read as the only exception.

Still, if you're not interested in touching the subject and nitpick on the least relevant point in my rant - which I've made abundantly clear on multiple occasions now - why are you still here? The disrespect is in the web hall of fame mate.

@Skriptkiddy First, what makes you think that a side project is a corporate project? Second, what makes you think that it is offtopic to answer Google's question that you yourself are quoting in the OP?

@Fast-Nop oh, I seem to have Let's Encrypt on one of my sites actually. It's still naive to think regular people will go there instead of being scammed by some host as it's probably at the checkout that they even hear about it for the first time.

And if you want a web only made by those who study webdev as a career path, have at it. We probably don't need a web of possible innovation, possible ways in to the job market for a lot of people who will now go even shorter before quitting. I'm sure it will stimulate the economy too.

@Fast-Nop I'm not quoting Google in the OP. Am I expected to keep on going when you can't even bother to read? In my comment after the OP I also linked to a page with the issues I intended to discuss. How is that not clear? If it wasn't from the start, how isn't it clear by now when I've basically repeated and elaborated in just about every comment after that?

Discussing because you just want to say something instead of actually discussing is pointless. Why do you even start if you won't commit? Disrespectful. Millennial?

I'm dropping this now (not pulling a @towmeykaw).

@Skriptkiddy your OP reads "sincerely, Google". I doubt you actually speak on behalf of Google.

Besides, https is not a protection against everything. Just like condoms don't protect you from being run over by a car. So what?

There are even hosters these days who set up Let's Encrypt automatically and for free. So much for a web for web devs only, which is also nonsense.

And "disrespectful" - the millenial seems to be you here, offended by not everyone agreeing with you. I think your rant and your comments simply don't hold water.

@Skriptkiddy I think that if you don't force https on your sites, you clearly don't give a fuck about your users.

@Fast-Nop Yes. I work at a hosting company and we offer free (two-click install) letsencrypt certs!

I think there is a point in the archiving argument. It's valid, and many unmaintained websites still contain valuable information. It would not be good to scare people away from that.

Besides, while now it's just a warning like (I'm speculating) a big certificate warning, next thing we know Google can decide to block it completely.

What Google essentially will be doing is decreasing the credibility of http-only sites, while some contain valuable information. That's not right. Never.

I think both sides have a good point. Forcing sites to use https will make the web more secure. And maybe protect some people from badly written websites. However as the link you posted says. Normal people or beginners don't want to and should not need to think about stuff like this. If you just crested your first website and get blocked by Google or even directly in chrome you will probably just give up.
Besides the web is all about freedom. If Google starts blocking non https sites it's just censorship.

@Skriptkiddy so let me get this straight. You would be okay with a law forcing companies to use SSL encryption. But if Google encourages it, you think that's bad.