Conversation

if your site doesn't support https what's your agenda


@ipg I resisted it for the subdomain I dump screenshots to because 1 character shorter url

but it started throwing scary cert errors in every browser so I caved

@ipg there is no reason for a static site to support https

@zebo so ISPs and governments can't look at (and possibly prosecute for, given increasingly hostile governments) content that the user is reading


@ipg @zebo isps have also been known to tamper with page content on http pages in the past to insert ads or spyware etc


@ipg Let's Encrypt is free, certbot is easy (sometimes) to set up, and it only requires like 4 or 5 lines in your nginx conf to set up

@ipg i don't care about my isp seeing what i do, all my traffic goes through them anyway

@zebo cool that you personally have that privilege, i guess

@ipg https also breaks older devices which creates more ewaste

@zebo mbedtls can be ported to a reasonable number of older devices, and https cipher support is mostly up to the webmaster (at the expense of the security guarantees of the website)
and note how i never said Force https i said Support https


@attkzach @ipg and caddy literally just does it on its own by default
(it also forces https by default but you can bypass that)

@ipg 90% of the time https is forced tls 1.2 or 3

@zebo damn that's crazy. tls 1.2 was standardised in like 2008 and support is in basically everything after 2010
mbedtls can be ported to platforms that don't (and if the platform is locked down, this is an argument against platform lockdown and deprecation with no user-controlled exit, not against https)

@ipg and what about things before 2010

@ipg and what if the platform doesn't support that

@ipg so if someone is using one of those platforms they should be forced to not have access?

@zebo does akkoma not support newlines? didn't i say "i said Support and not Force"? or are you deliberately misreading what i'm saying for the sake of going "well i think that because of my ipod shuffle HTTPS is devil worship"

@ipg it's another example of web "standards" not actually being standard and just being whatever google thinks of that second

@zebo what the fuck does google have to do with this at all?????????


@eval @ipg @zebo my old isp used to inject a popup into websites if you got close to or exceeded your data cap


@ipg I support both, because I don’t discriminate against the lil guy just wanting to browse my static pages on their Amiga video toaster.


@eukara that's the same reason i have http://ipg.pw set up (old JS to detect HTTPS, even having page rules for old browsers like opera 8/9 and IE to use compatible CSS)

@jaren @eval @ipg my isp still does that even on https sites

@zebo @ipg there is no reason to NOT support HTTPS, and if you don't care about spying and tampering, then you're just not creative enough to imagine how that's gonna hurt you eventually.


@siguza

This - and "tampering" is the part that many seem to forget. Modifying a page in flight has more potential consequences than people realize.

@zebo @ipg


@tychotithonus @zebo @ipg something something Great Firewall injecting JS to DDoS GitHub...
