Hi all,
On Fri, May 10, 2019 at 10:11 AM Ryan Gorley via Inkscape-user inkscape-user@lists.sourceforge.net wrote:
Offering a website connection over an encrypted HTTPS path isn't just about protecting credit card numbers or passwords anymore. Encryption protects a visitor from unwanted snooping and tampering by anyone along the worldwide network between that user's computer and the website's host. To illustrate, my ISP began injecting popup notices on my screen without my consent during casual web browsing (only on HTTP sites) when I was approaching their monthly usage limit. I'm sure they are scraping and selling every bit of information about me that they can whenever I visit and interact with an unencrypted site. No doubt the dozens of others (ISPs, employers, governments) who handle my information are doing the same. I don't think there is a great argument to be made for not offering this protection to our visitors if we can--which we do.
I have to admit that I'm not involved in what you're discussing -- I'm actually just watching the messages come in. But this thread has gone on long enough that it caught my attention and I started reading it.
I guess everyone can offer their 2 cents into this discussion. I guess encrypted HTTPS will be more and more common in the years ahead and yes, it might even become the default. Just a few years ago, I was running a WordPress-based web site with HTTPS. Everything was fine, but *one* unmaintained plugin made it impossible. (It didn't accept URLs with "https".) As time passes, HTTPS will so common that something like this won't occur. But I don't think we're there just yet... We're in some transition period and I think (as IT professionals), we have to accept that and just explain it to users. The fact is, we could have used another plugin; but we did not have the resources to write a competing plugin to get it working. I think I'd be shell-shocked if a user came up to me and said "we didn't care about them".
I guess we can argue in circles and as someone who isn't involved in all the great work you all are doing, I shouldn't say too much. But allow me to digress with an analogy. Where I am currently living, I occasionally see people wrap their fingers with a tissue before they push an elevator button. And just recently, I heard of someone who wipes their kitchen down with alcohol every evening. Now, perhaps there is one or two of you that completely agree with them; but sometimes, I wished some (medical?) professional would come in and say that the former isn't necessary unless you had an open cut on your finger (they did not). Or, s/he should say that a clean kitchen is great, but daily cleansing with an alcohol will lower one's own immunity; and that's ignoring the problem of breathing in fumes every day from disinfectant alcohol.
As for your last sentence in the paragraph above, you said, "I don't think there is a great argument ... for not offering this protection". I can think of one, but along the lines of my analogy. When I see someone hit the elevator button with a tissue-covered finger, I think to myself, "I don't think I want to hang around with someone like that." (Rest assured, they probably don't want to hang around me unless they need someone to hit the elevator buttons for them everywhere they go!)
These two stories aren't exactly the same as HTTPS, but it's what I first thought of as I skimmed over this thread. Apologies for the interruption!
Ray