
There is no site I know of - or to be more accurate, there is no user of an internet application I know of - that does not need transport-layer security.



I don't need it when I'm reading sports stories, when I'm researching a technical topic of interest, or when I'm reading out-of-copyright literature. If someone else does need it when doing the exact same things, that's fine, but my unsecured reading does not impose a cost on them.


Correction - you think you don't need it when you're reading those things, which indicates a serious misunderstanding of HTTPS' problem domain.

Unless what you're trying to say is that you're totally fine with third parties (governments, ISPs, the person whose WiFi you're connected to, some random script kiddie):

- snooping on your browsing habits (you can intercept and read off an entire HTTP request plain as day, including headers such as User-Agent strings, the specific URL that's being visited, etc., allowing you to build a profile of/digitally fingerprint the unsuspecting user; these are encrypted in an HTTPS request)

- maliciously handling your requests, returning whatever response they please instead of forwarding it to the intended remote, allowing them to not just censor the content but straight-up lie to you without your knowledge

- tampering with responses - injecting a cryptominer, tracker, script that adds your computer to a botnet, or other malicious/non-benevolent script into the response before it reaches you, or even just fucking around with the CSS or throwing in porn for the lulz


Why do I trust the host at the far end of the connection more than those in the middle? In fact HTTPS has done little to prevent any of the things you mention, especially through e.g. ad networks.

I wouldn't mind if they were to "throw in some porn for the lulz", but that has never happened for me...

The point is that for this sort of web use, my brain is already turned on, and there's nothing at risk. If someone rewrites a page to mislead me, I'll notice eventually, whether that someone is running a TLS site or MitMing a non-TLS site.

P.S. Your first sentence is pretty obnoxious; there's no need to personalize this.



