Bonum Certa Men Certa

Why Your Web Site Should Also Support HTTP (Without 'Secure')

posted by Roy Schestowitz on Dec 02, 2024,
updated Dec 02, 2024

Beach Wheelchair rental sign at local beach Florida, USA.

Secure is good. Secure is definitely desirable. But at what cost? Security isn't a bad word, of course not! In fact, we've all become accustomed to hearing about security breaches. We learned about the importance of security and got used to or came to assume transmissions are encrypted in one form or another (usually between us and some remote server; for person-to-person communication that's not good enough).

The unavoidable tradeoffs are often forgotten and the issue neglected though. Shaming and humiliation of critical thinkers is all too common in this domain. Anything to suppress candid discussion or proper debate...

You see, on the Web, many old devices still exist that cannot handle HTTPS (we wrote a lot about this matter in the distant past), do not have the latest version and/or protocol (this probably cannot be overcome either, as there's a long chain of stale dependencies), or are wired to handle authoritative domains (or certificates) long expired, in other words deprecated. For this reason, sites which force everybody to use HTTPS have an inherent accessibility problem.

We're bringing up this issue again because it was mentioned in IRC some hours ago. In the past we insisted that everyone should use HTTP or configure the browser to trust our self-signed certificate (for HTTPS). As browsers 'evolved', however, they made it increasingly hard if not altogether impossible. So we sort of gave up, surrendering to the mess the Web had unfortunately become. Secure transmission of pages or page-related data matters when making online purchases (i.e. credit card numbers - an opportunity for fraud) and using banks (that was originally the purpose or motivation); for everything else HTTP tends to be enough. There are many reasons (at several levels) why HTTPS does very little to protect your privacy when you surf the Web, even if strictly over HTTPS (not limited to JavaScript, trackers, DNS and so on).

Sign in the bushes stating there is handicap access

But let's just set the record straight.

Secure protocols are a good thing, but do not impose that stuff on people who come to your site only to read some articles. You're probably losing more than you're gaining. It's like putting a helmet on when cooking in the kitchen; sure, it might protect you (in some rare circumstances), but it can also get in the way.

If your Web site has HTTPS (by default, as increasingly common these days), then adding HTTP should not be hard. It's a lot simpler - can be done easily in a few minutes - than going the other way around. Depending on your 'webserver' software, the configuration file/s may only need a few additional lines. With a front-end interface it might be just some tickbox.
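As an added illustration (not configuration from the original post), this is roughly what those few additional lines look like if the web server is nginx. The host name `example.org`, the document root, the certificate paths and the `/login` and `/admin` locations are placeholders, chosen to show public pages served over both protocols while anything that carries credentials stays on HTTPS.

```nginx
# Added example; example.org, the paths and the /login and /admin
# locations below are placeholders, not taken from any real site.

# Plain HTTP: serve the public, read-only pages directly (no blanket
# redirect to HTTPS), so clients without current TLS can still read them.
server {
    listen 80;
    listen [::]:80;
    server_name example.org;
    root /var/www/example;

    # Paths that accept passwords or session cookies are still sent to HTTPS.
    location /login { return 301 https://$host$request_uri; }
    location /admin { return 301 https://$host$request_uri; }

    location / {
        try_files $uri $uri/ =404;
    }
}

# HTTPS: unchanged for every client that can negotiate it.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.org;
    root /var/www/example;

    ssl_certificate     /etc/ssl/example.org/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/privkey.pem;

    # Session cookies issued here should carry the Secure attribute so a
    # browser never sends them along with a request to the port-80 block.

    location / {
        try_files $uri $uri/ =404;
    }
}
```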

Let people with old computers, old devices (such as TVs with Internet support), and "old" (or simple) browsers regain access. Don't forget RSS readers, either. Some cannot handle edge cases. The same is true for IRC, but that's a story for another day. If we all use unencrypted E-mail (I have encrypted every E-mail message that I can for over 20 years already, but both sender and recipient need to exchange keys), why can't we do the same with Web pages that we visit?

To put it a little more crudely, focus on security where it matters most. Many sites get breached/cracked (data compromised or worse) in spite of adopting HTTPS. It's better to focus on the integrity and security of the server itself rather than pseudo-security associated with packets containing freely- and publicly-available pages.

It would be totally appropriate to speak about these issues from an accessibility perspective. Because, in many ways, that's just what we're dealing with. Most disabilities aren't visible to the naked eye (it's not all stuff such as wheelchair or hearing aid, for instance) and are nevertheless something we must bear in mind to properly cater for everybody. The poor person with an old TV that cannot browse sites with the latest TLS may be just as disadvantaged (at least economically) as many others. IBM might make fun of that person (poor-shaming), but IBM is a eugenics company, not a role model for other companies to idolise and imitate.

Blue disabled sign logo
