
Ask HN: Why Doesn't Paul Graham Get a SSL Certificate? - jzox
Let&#x27;s Encrypt allows one to get a SSL cert in the time it takes to make a cup of coffee. Not to mention the SEO benefits, so it seems a bit odd that PG hasn&#x27;t got a SSL cert for his blog.
======
jaas
I see a couple of replies saying something like "plain HTTP [still] works
fine."

Sure, it works in the sense that most of the time the page will load as
expected, but it's not safe or reliable. I don't want our standard for
technology to be that it "works" for some shoddy definition of works - I want
it to be safe and reliable. Plain HTTP is neither safe nor reliable.

Even if you don't care about the privacy benefits of HTTPS, plain HTTP can be
modified. This means that when you load an HTTP page you cannot be confident
that what you're seeing is what the server sent. The content could have been
manipulated, ads or malicious script could have been inserted. This has been
exploited in real world attacks many times.

Sites that do not use HTTPS put their users at risk during every page load
because the users are forced to load content that can be tampered with. Paul
Graham (and everyone else using plain HTTP for their site) should not be
putting their users at risk like this. All sites should use HTTPS.

------
utkarsh_apoorva
He is a non-confirmist :-D
[http://paulgraham.com/conformism.html](http://paulgraham.com/conformism.html)

------
jacquesm
Because (1) he doesn't have to, the web still works without (fortunately), (2)
I highly doubt he cares about SEO benefits.

------
brudgers
[IANPG] HTTP seems like the simplest thing that might work.

