Hacker News new | past | comments | ask | show | jobs | submit login

I suppose context matters. If I'm browsing a local newspaper the need for SSL isn't nearly as strong as for banking.

Also they're moving away from the icon and going to a full "Not Secure" status. Image: https://i.imgtc.com/9DwDQ6r.png




Is "Not Secure" a false label? Plaintext HTTP is literally not secure against either a passive or active MITM.


If a site does not require personal information, it does not need SSL to be "secure". Webcomics I read, blogs, etc, do not need to be "secured", as they are not requesting data. They do not need HTTPS.


MITM attacks can also simply be injecting malicious code onto insecure websites. They don't have to be stealing your credit card info to be harmful.


>it does not need SSL to be "secure".

>do not need to be "secured"

Which is it - is the site secure without SSL, or does the site not need to be secure?

In the former case, I disagree wholeheartedly. In the latter case, you're not blocked from browsing the site - only informed that it is insecure, a factual statement.


If it doesn't need to be secure, why does a "not secure" label in the browser bother you?


Ah, but they sort of do. HTTPS also protects you from your ISP injecting trackers and ads (which is something US ISPs like to do), and also protects you from third parties listening in on what "benign" sites you visit and building a profile about you.


Still, you're only as secure as your weakest link. An attacker could figure out how to break into your banking account using the information they gathered from you checking your newspaper account.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: