Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Why doesn't pg use HTTPS on his site?
7 points by slygent on May 6, 2021 | hide | past | favorite | 14 comments
Going to http://www.paulgraham.com doesn't redirect to https

And https://www.paulgraham.com tries to use a certificate for *.store.yahoo.com



I don’t think there’s a reason to as it’s just content published from him for free. Doesn’t collect data. Doesn’t hold anything sensitive.

Maybe somebody gets between a reader and his site and injects ads or something.

Or maybe ISPs or local networks can watch what readers read.

I don’t think either is that big of a deal and wouldn’t bother if I had sites.


I’ve seen several ISPs inject things as well. No excuse for http anymore. No rewards, only risks and punishments.


> No excuse

You're not paying him anything to read his website. He does not owe you a single thing.


If you’re concerned with that then use a vpn.

I’ve used dozens of ISPs and never had this problem. Guess I’m lucky.

I don’t care if people inject stuff into my http content. If it becomes a significant problem, I’ll think about it.

Simplicity is a reward. A big reward.


Because he doesn't care ? I mean yes SSL is easy these days but he knows he doesn't have to do it and people would still read this blog.


He probably just has better things to do and who cares (aside from Google)?

I have a number of old sites (including my blog until recently) which haven't been switched over to https yet. It's not that I can't do it or that there's any real reason not to use https on those sites, I just have other things going on. PG set up his site years ago when https wasn't a default on the web, that's probably the real answer.


https://news.ycombinator.com/item?id=25214264

https://news.ycombinator.com/item?id=24676257


That reminds me, what other popular sites which are HTTP only (and no HTTPS)?


Australian Government weather website, www.bom.gov.au


Perhaps he has better things to do with his time that mess around with SSL certificates.


He certainly could afford to pay someone


Im more impressed that he does it himself.


If you want to here someone else’s argument for why they don’t need https, see

    http://n-gate.com/software/2017/07/12/0/
Paste the link in a new window as the site is not idempotent with respect to referral headers. Or in layman’s terms he blocks links from HN!


He still uses an iMac G3




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: