
I disagree. No security really is as bad as broken security.

I'm guessing you think your church website isn't worth securing because it doesn't have any sensitive content. But in a world where surveillance is pervasive, that's not something you should depend on. For example, if religious discrimination were to lead to members of your church being harassed because of their viewing habits, then the argument that the content isn't sensitive doesn't seem so strong anymore.




For example, if religious discrimination were to lead to members of your church being harassed because of their viewing habits, then the argument that the content isn't sensitive doesn't seem so strong anymore.

HTTPS doesn't hide the IP or even the hostname (SNI is sent in cleartext) of the site you're connecting to, nor the IP of the client, so it'd still be trivial to determine who is visiting the church's website - just not exactly what pages on the site they've viewed. You need something more like Tor or stronger to protect against that.


Securing is different to encrypting.

Most tracking of people is done by advertising and marketing companies. Should we mark all websites with advertising as insecure?


As much as I'd love that (seriously, not advertising per se of course but most types of cross domain tracking), something tells me that initiative is not going to originate from the Chrome team...


Ads are first-party content, in the sense that they are under the control of whoever is serving the webpage. One would hope that if the content provider were concerned about privacy, they would not choose to serve ads that violated that privacy.

On the other hand, using HTTP would open an otherwise harmless content provider to potential ad-insertion attacks by third parties. So in that sense, HTTPS really does matter here.



