Deprecating Non-Secure HTTP | Mozilla Security Blog

The real reason for deprecating HTTP and enforcing even non-important websites to use HTTPS, so that restrictive governments can ensure they’re arresting the right party upon mere suspicion or curiosity.

Encryption also encourages more waste of energy versus just using plain text, and usually requiring people to upgrade to the newer and faster hardware.

If there were other more legitimate reasons aside from fear, we would have been told by now.

This is more like the analogy; because I do not feel safe traveling streets having rowdy bars at night, I’m going to carry a gun (or be a vigilante) versus just choosing to avoid the troubled streets at night. People have choices, and I think I’ll choose not to use encryption when I obviously do not need it the majority of my time. Makes me sick to see people devote themselves to writing code and climbing the ladder of life, only to endorse such meaingless policies for promoting controversies. What a waste of time.

Can’t Agree more!

Richard Barnes (Firefox Security Lead) sold his soul to the devil and this is why he is pushing this agenda. All CAs have been compromised, which makes any SSL certificate insecure. I personally consider the PKI as good as clear text. If Barnes is a bit intelligent, he should know this. By forcing websites owners to buy SSL certificates, he is opening the door on privacy and censor those who the government do not like the content (of course to protect the poor and vulnerable children from dangerous website like wikileaks).

Complete and utter rubbish.

Even if a CA is compromised, you don’t give the CA your private key, they simply sign your public key and it’s up to web clients to determine if they consider your certificate valid.

Your assertion that “All CAs have been compromised” is pure brilliance… care to produce some actual evidence to back that up?

It doesn’t matter whether you give the CA your private key or not if the CA has been compromised, because those with control over the CA can MITM any connections you make and you’ll be unable to tell.

Because non encrypted connections are way better against MITM /s

Check out https://letsencrypt.org/

I’m afraid he’s right. Tell people they care about security and then to use an allready compromised tecnology. So sad most people don’t know this. Conspiracy?? – well – sometimes when they cry wolf – a wolf will come. Look at documentaries on youtube about the 2008 crises – about 9/11 – how the federal reserve robs every american. So many strange things going on. Bush saying PUBLICLY “Let’s us not listen to conspiracy theories. Let us focus our time on catching the terrorrists”. If you dont want comspiracy theories, then let the public see the evidence instead of hiding 90% of it. It’s sad, and most likely they will get away with it.

https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/