Why Not https?

By Xah Lee. Date: 2022-10-24. Last updated: 2025-04-11.

2025-02-14

Let's Encrypt Tactic on Censorship

Letsencrypt is a tool of capture to make it easier to censor people by revoking their access to CAs

2022-10-24

Why is Your Site Not https?

lunarus said it best (on xah discord, 2022-06-04):

HTTPS and more specifically Let's Encrypt is a power play to control the internet and prevent counter-culture from forming. By browsers using scare tactics for enforcing https it puts the control of the internet into a handful of CAs making you vulnerable to cancelling.

Enabling cancel culture starts with the “undesirables” of the day and ends with authoritarian regime that oppresses everyone that isn't in line with the elite

There are sundry reasons. None is significant by itself, but all together, it's something unwholesome.

The Google empire and mainstream gang are forcing it with scare tactics, controlling websites. If google is really good about security or user privacy, it would allow self sign for encrypted traffic.
Adding https, is not that trivial. This prevents average programers voicing opinion on their own blog and domain.
Often, sites with https have misc problems. Such as cert expired, or mixed http and https that stir up scary warning by browsers.

2022-10-31

Cert Expired Censor

cert expired https censor 2022-10-30 c7yty

2025-03-11

Google Forcing HTTPS is Censorship Scam

forcing https, began by google, is a way to censor the masses and control info.
in the beginning, google empire gently suggested it, for so called security.
and mysteriously, at the same time some org spring up offering https for free. (so this google move becomes more acceptable )
after a few years, google start to de-rank non-https sites in their search result.

originally sites with https gets a lock. then it gets gradually worse.
then sites without https shows as insecure warning sign.
scare tactics.

vast majority of sites are not shopping sites.
you don't need encryption to read about your friend's birthday party or pol opinions.
also, vast majority, even coders, making a cert is too much hassle, even free.
then u get the expire issue, which occur very often.

requiring https, basically force sites to be centralized by a few giant cert orgs.
(and there is lots war n scam within cert orgs, there's incident...)
and, oddly, for so called security of non-credit card sites, google do not approve self cert.

and now, basically, firefox begin simply prevent reading of non ngo sanction sites.
that's basically 200 million sites.
firefox says it's experimental.
of course, they r trying to see how deep it can go, how coders receives it.

Google Webmaster Central Blog 2014-08-06 29b65 https://webmasters.googleblog.com/2014

Firefox Forces HTTPS (2025-03)

2025-03-11

who funds let's encrypt?

2022-11-05

Turn Browser Auto HTTPS Off

this no longer works in Firefox.
Firefox Forces HTTPS (2025-03)