Ironically, I've just discovered that https://ipfs.io/ has certificate signed by StartCom, known for being source of fake certificates for prominent domains[1]. So in order to work around censorship, I have to go to site which to establish trust relies on a provider known for providing fake certificates. D'oh.
Even more funny: There are individuals out there trying to help others. HN's top replies are sarcastic and critical. Hope the poor devs don't see this thread today. If so, thanks so much for the awesome technology!
I'm not sure how pointing out a security flaw contradicts helping others. Do you think if people try to help others, nobody should point out their mistakes? Are you also against submitting bug reports to projects that you consider good and only send them to the most evil ones?
[1] https://en.wikipedia.org/wiki/StartCom#Criticism