The problem is that Google controls the most popular interfaces to consuming HTTP and HTTPS, i.e. their Chrome browser and their search engine. And so Google is in a position where they control how these protocols are consumed, which is the crux of Dave's argument. Google is already discouraging the use of HTTP through warning messages in Chrome and by adjusting search rank algorithms for HTTP sites. Dave's concern is that Google will "turn off" HTTP access in the same way they did with RSS after capturing the market share for consuming RSS feeds and then shutting down Google Reader and removing discoverabilty of RSS feeds in Chrome.
Dave Winer has been around the Web for longer than most and you'd be foolish to write him off as a curmudgeon. Dave is to the open Web what RMS is to FOSS.
Now, Dave acknowledges this: "They tell us to worry about man-in-the-middle attacks that might modify content, but fail to mention that they can do it in the browser, even if you use a 'secure' protocol."
The rhetorical slip here is bad. "They" is me. I say you should worry about man-in-the-middle attacks. I can't "do it in the browser." He keeps doing this; he's acting like Google is the only entity that thinks the move is a good idea.
It also fails to acknowledge that partial solutions matter! What, I should give up on putting locks on my door just because the lock manufacturer can go right through them? Further, right now I have a choice of three plausible browsers, and I can switch between them freely. There's a significant difference between the danger of man-in-the-middle attacks and the danger of a browser level attack. (Both pretty low, to be fair, but still.)
And that's just the concern about attacks. Tracking is a whole additional issue that he doesn't acknowledge.
So, yeah, he makes some good points. But since he won't engage in discussion on the topic, they're not useful and they get drowned out by the noise.
This is a great analogy!
The open web is worth fighting for. And Google is moving into new territory now, by deciding to force sites to switch to HTTPS. Most of the arguments you hear are about new sites, but people are missing that the web has been used for 25 years as an archiving medium. If you want to save something so it's available for others (and yourself too) in the future, put it on the web. It's been incredibly stable platform, far more so than the ones run by the tech industry, and precisely because it isn't run by the tech industry.
That's about to change.
Read the original post. Today's post is just a continuation of that one.
And be a little more kind to Stallman. :-)
> Something bad could happen to my pages in transit from a server to the user's web browser.
If your argument is that there are lots of HTTP sites that are historically important and also that are unmaintained and that will never be upgraded, okay. That is a solvable technical problem .
If you want to know why you have to force people to do it, it is because security is a public health issue . It is the same reason you have to force people to get vaccinations.
I don't work for Google (in fact I work for a direct competitor), and I disagree with a lot of the things that they do or want to do (unsurprisingly). But having more security on the web is not one of them. We live in a very different world than we did 25-plus years ago.
 https://theintercept.com/2014/12/13/belgacom-hack-gchq-insid... (search for MUTANT BROTH)
We need maybe proxies as close to the origin servers as possible, to minimize the amount of traffic passing over insecure links. That seems like a political nightmare, but...
Of course, the whole point of this article is that centralisation of important resources is risky. Archive.org is an essential resource, and it's really far too important to be at the sole mercy of the of the Internet Archive organisation, well meaning and admirable in every way though they are.