I’ve been writing about Google’s efforts to deprecate HTTP, the protocol of the web. This is a summary of why I am opposed to this.
DaveW’s take on Google’s pitch:
- Something bad could happen to my pages in transit from a HTTP server to the user’s web browser.
- It’s not hard to convert to HTTPS and it doesn’t cost a lot.
- Google is going to warn people about my site being “not secure.” So if I don’t want people to be scared away, I should bend to their will (as if the web were their platform).
The rest of the article is Dave’s rebuttal, a thoughtful read from a very smart someone who knows this stuff inside and out. A few bits:
Google is a guest on the web, as we all are. Guests don’t make the rules.
A lot of the web consists of archives. Files put in places that no one maintains. They just work. There’s no one there to do the work that Google wants all sites to do.
Google has spent a lot of effort to convince you that HTTP is not good. Let me have the floor for a moment to tell you why HTTP is the best thing ever.
Neither take is about bashing HTTPS, or about ditching security in any way. It’s about thinking carefully before ditching openness and about how decisions about the internet are and should be made.