I don't get this. Clearly the contents are served by Google, and so they can do whatever they like with it. How is an end user going to know whether the message was signed before it was passed on or not?
> How is an end user going to know whether the message was signed before it was passed on or not?
Your web browser will show a scary warning and refuse to display the bundle if it's not correctly signed. Google is not going to fake signatures for other sites, as certificate mis-issuance would open up Google to legal consequences.
Please review and stick to the site guidelines when posting here (https://news.ycombinator.com/newsguidelines.html). They explicitly ask you not to lead with things like "That's nonsense. Take a moment to breathe." The rest of your first paragraph is just fine.
Re the second paragraph: people are wrong on the internet. If you want a site that doesn't have this problem, you're going to have to look for something considerably smaller, where countering entropy is an option. I think you might be running into the notice-dislike bias, though: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Edit: I'm dismayed to see that your last 7 comments have all broken the site guidelines. Trashing this place because you don't like some of what other people post, or because you feel superior to the community, is not ok. I'm sure you wouldn't litter in a city park, so please stop doing the equivalent here.
> Is there some site where people actually have a clue? On any topic that I have any passing knowledge about, HN is just completely spewing nonsense and the worst part about it is that they think they have a clue.
Given that HTTP Signed Exchanges are nowhere near a web standard at this point, I think you should tone down your vitriol considerably.
Currently, what the parent commenter is saying is completely valid and true; if you're serving things on your domain and have a cert for it, you can serve https://youdomain.com/<anything>, where <anything> could be www.nytimes.com, www.google.com, or whatever. HTTP Signed Exchanges proposes a breaking change to this, and therefore is non-intuitive for the vast majority of users.