
Well, HTTP is technically unsafe. How is it user-hostile? You can still browse the page. Just the tiny icon changes near the URL.



I suppose context matters. If I'm browsing a local newspaper the need for SSL isn't nearly as strong as for banking.

Also they're moving away from the icon and going to a full "Not Secure" status. Image: https://i.imgtc.com/9DwDQ6r.png


Is "Not Secure" a false label? Plaintext HTTP is literally not secure against either a passive or active MITM.


If a site does not require personal information, it does not need SSL to be "secure". Webcomics I read, blogs, etc., do not need to be "secured", as they are not requesting data. They do not need HTTPS.


MITM attacks can also simply be injecting malicious code onto insecure websites. They don't have to be stealing your credit card info to be harmful.


>it does not need SSL to be "secure".

>do not need to be "secured"

Which is it - is the site secure without SSL, or does the site not need to be secure?

In the former case, I disagree wholeheartedly. In the latter case, you're not blocked from browsing the site - only informed that it is insecure, a factual statement.


If it doesn't need to be secure, why does a "not secure" label in the browser bother you?


Ah, but they sort of do. HTTPS also protects you from your ISP injecting trackers and ads (which is something US ISPs like to do), and also protects you from third parties listening in on what "benign" sites you visit and building a profile about you.


Still, you're only as secure as your weakest link. An attacker could figure out how to break into your banking account using the information they gathered from you checking your newspaper account.


Open for anyone to see is not the same thing as unsafe. That's a false equivalence.

HTTP is unsafe in the same way that getting a newspaper delivered to your yard is unsafe.

Oh no. Casual passersby know from looking that I have a newspaper on my lawn. If someone wants to snoop when I'm not looking, they now know that I read a specific newspaper. Someone could even steal it.

It's unsafe in the sense that if you leave your driver license, credit cards, birth certificate, cash, and car keys all in your yard overnight, you won't be surprised if at least one of them is gone in the morning.

HTTP is a paper in your yard. A poster on a phone pole. A business card on a broken, smudgedy plexiglass subway sign. HTTP is public, and there is absolutely value in putting things out there for everyone to read in public.


It’s more like someone could change an article in the paper before giving it to you, possibly tricking you into purchasing something or going somewhere you wouldn’t have otherwise.



