Ask HN: Why Isn't Paulgraham.com on HTTPS?

Seems unusual for someone as high profile in tech as him to not serve his site with an SSL cert. Is this just laziness? Since it's just a basic content site, I suppose it doesn't matter?

10 points | by ImpressiveWebs 1219 days ago

6 comments

  • Foober223 1218 days ago
    You're not submitting data to him, so no benefit to protect you there.

    There is a risk downloading the text. Does it warrant a signature? I don't think so.

    When you hand out candy on Halloween you could include a digital signature with each piece you hand out. People receiving the candy would have more confidence it came from you, and not a bad guy wearing a mask, sitting on your front porch impersonating you.

    Does everything need signatures? The stakes of accepting candy are much higher simple raw text.

    • eecks 1218 days ago
      This is a misunderstanding of the reasons to use https. ISPs can inject ads or other stuff if it's not https.
    • seanwilson 1217 days ago
      > You're not submitting data to him, so no benefit to protect you there.

      This is a common misconception. If a page is using http, an attacker could add a sign-up form, a login form, a payment form, a malware download etc. or anything they want to the page to steal entered data or just redirect you to another malicious site, anything they want.

    • Spooky23 1218 days ago
      You’re supposed to be worried about your ISP or the government knowing that you’re reading essays online.
  • baccredited 1218 days ago
    My company spent precious developer hours this week 'fixing' old intranet websites that recently started giving Chrome 'insecure' warnings on internal links. HTTP is definitely not a risk in this scenario. And PG's website is not a risk either.

    Google's war on http is misguided, dumb, and wasteful.

  • scott31 1218 days ago
    It is a feature. As a frequent user, I would rather have it on plain HTTP as well. Aside from the performance benefit, it also helps if people monitoring my internet traffic (my ISP, NSA, Putin, Zuck etc.) reads Paul Graham and they may get enlightened. May not seem much but it is actually one of the few steps humanity is taking towards world peace.
  • gabrielsroka 1218 days ago
  • new23d 1218 days ago
    The certificate will expire some day and then there will be a huge uproar about it with solutions/advise without knowing the full setup.
  • quickthrower2 1218 days ago
    While being satire, this page makes some good arguments - http://n-gate.com/software/2017/07/12/. You will need to copy the link and paste it into a new tab, as it blocks HN refers.
    • watermelon59 1218 days ago
      > You will need to copy the link and paste it into a new tab, as it blocks HN refers.

      I love that website and didn't know about that until now. Now I love it even more.

    • dormento 1218 days ago
      > You will need to copy the link and paste it into a new tab, as it blocks HN refers.

      I opened the link from inside Firefox just fine. YMMV.