Hacker News new | past | comments | ask | show | jobs | submit login

If a site does not require personal information, it does not need SSL to be "secure". Webcomics I read, blogs, etc, do not need to be "secured", as they are not requesting data. They do not need HTTPS.



MITM attacks can also simply be injecting malicious code onto insecure websites. They don't have to be stealing your credit card info to be harmful.


>it does not need SSL to be "secure".

>do not need to be "secured"

Which is it - is the site secure without SSL, or does the site not need to be secure?

In the former case, I disagree wholeheartedly. In the latter case, you're not blocked from browsing the site - only informed that it is insecure, a factual statement.


If it doesn't need to be secure, why does a "not secure" label in the browser bother you?


Ah, but they sort of do. HTTPS also protects you from your ISP injecting trackers and ads (which is something US ISPs like to do), and also protects you from third parties listening in on what "benign" sites you visit and building a profile about you.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: