
HTTPS is not a magic bullet for Web security - em3rgent0rdr
http://arstechnica.com/security/2016/07/https-is-not-a-magic-bullet-for-web-security/
======
em3rgent0rdr
tldr: HTTPS provides false sense of security and is difficult to implement.

~~~
Prefinem
I don't see why people thing HTTPS is difficult to implement. Pre Let's
Encrypt it only took me a few minutes to setup an SSL cert for 9 bucks
(cheaper than the domain renewal). With LE, it's now so simple, it's my
default process.

~~~
em3rgent0rdr
thanks to Let's Encrypt, it is easy for someone running their own server.

But I think for regular folk running on a hosted service, who aren't
comfortable with command line and who won't even have the necessary
permission, they are going to be stuck with what they have, and probably have
their domain held hostage, so will be forced to pay for some crappy cert if
they even wanted https.

