The HTTP Sky Is Falling, Says Chicken Little

Dave's explanation is just absolutely wrong, and he has to know this; he's lying to frighten you away from security, and I don't know why. Google's not planning censorship, just a warning that a site taking your personal information is not secure.

Will this break plain HTTP sites?
No. HTTP sites will continue to work; we currently have no plans to block them in Chrome. All that will change is the security indicator(s).
Chromium: Marking HTTP as Non-Secure
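
An added example, not code from this post or from Chromium: a rough approximation of the kind of check behind such a warning, flagging a page only when it collects a password or card number over plain HTTP. The `cc-` autocomplete heuristic, the function names and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class SensitiveFieldFinder(HTMLParser):  # sensitive inputs + where their form submits
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.target = page_url   # inputs outside a <form> belong to the page
        self.findings = []       # (field description, submit URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.target = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            auto = a.get("autocomplete", "").lower()
            if a.get("type", "text").lower() == "password":
                self.findings.append(("password field", self.target))
            elif auto.startswith("cc-"):  # assumed heuristic for card fields
                self.findings.append((f"card field ({auto})", self.target))

    def handle_endtag(self, tag):
        if tag == "form":
            self.target = self.page_url


def http_warnings(page_url, html):
    """Return the reasons to warn about this page; empty means no warning."""
    finder = SensitiveFieldFinder(page_url)
    finder.feed(html)
    page_is_plain = urlsplit(page_url).scheme == "http"
    reasons = []
    for field, target in finder.findings:
        if page_is_plain:
            reasons.append(f"{field} served over plain HTTP")
        elif urlsplit(target).scheme == "http":
            reasons.append(f"{field} submits in cleartext to {target}")
    return reasons


# Constructed sample pages, not taken from any real site.
LOGIN = '<form action="/session"><input name="u"><input type="password" name="p"></form>'
PAY = '<form action="http://pay.example/charge"><input autocomplete="cc-number"></form>'

if __name__ == "__main__":
    for url, page in [("http://blog.example/login", LOGIN), ("https://shop.example/cart", PAY)]:
        print(url, http_warnings(url, page))
```

An empty result only means no warning would be shown under this heuristic; a plain HTTP page with no form is still readable and modifiable in transit.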

Even if Google Don't Be Evil was Evil, you could still use Free-as-in-Drugs Firefox or whatever, and can just use curl to archive sites, or even by hand:

% telnet example.com 80
GET / HTTP/1.1
Host: example.com
(hit return twice, ctrl-D to end)

But you shouldn't be trusting anything you see or entering anything on an HTTP page.

If you connect to a site over HTTP and you do not fully control the wires from your computer to the server, that site can be spoofed and spied on. If you use public wifi to talk to HTTP, your logins and credit cards WILL be stolen. Guaranteed, some jackass in your Starbucks is wiresharking your connection.

Even if you think you have a secure connection, anyone on the routers between you and the server can read your connection. Routers are not secure; they have been routinely compromised.

The only protection you have against these "Man in the Middle" attacks is TLS (successor to SSL), using HTTPS instead of HTTP, SSH instead of telnet, SFTP instead of FTP, emailing with MIME and SMTP over TLS instead of unsecured ports, iMessage or Signal instead of IRC or Twitter & Facebook "direct messages" (which have never been hidden from their staff).

In the early days of the ARPAnet and Internet, there was no security and we couldn't do much about it, but to resist warning people about insecure sites now is irresponsible.

News Snark

OK, what's going on in tech today?

  • Apple's bragging about the fucking trees on their spaceship compound. link

  • Tech companies are powerless against coal/oil company politics. link

  • Google's ad-blocking everyone except Google ads. link

  • Nintendo wants you to pay $20/year for online multiplayer, still no backup, and an NES emulator (back when their games were good). link

(I don't expect to do this often, but my sarcasm levels are higher than my bullshit-tolerance this morning)