.org doesn't mean credible

(dotorgdoesntmeancredible.org)

251 points | by ibraheemdev 5 days ago

44 comments

  • walrus01 5 days ago
    I agree with the point of 'doesn't mean credible', but the traditional TLDs of .com/.net/.org are also much better recognized as an actual TLD.

    If I start a new taco truck company and put "burrito.services" or "burrito.catering" or "burrito.ai" in a huge font on the side of the trucks, a fairly large number of people aren't going to immediately recognize that as a web site address.

    On the other hand, if I'm lucky enough to get the domain burrito.net , most people will recognize that as something they can type into a web browser address bar.

    • s_dev 5 days ago
      Conveying it's website is easy though -- stick a protocol or www in front of it. Or even underline it an colour it blue!

      www.burrito.ai or https://burrito.ai is obviously a website to any layman.

      Yes -- a server admin will tell you they are all different but generally speaking it will redirect to a preferred naming convention.

    • sidpatil 5 days ago
      > If I start a new taco truck company and put "burrito.services" or "burrito.catering" or "burrito.ai" in a huge font on the side of the trucks, a fairly large number of people aren't going to immediately recognize that as a web site address.

      Well, unless you put "http(s)://" in front of it.

      • defaultname 5 days ago
        A pretty good percentage of people are just going to remember it as burrito.com. Alternate TLDs are fine for clickable media, but fall apart in print form.
        • fatnoah 4 days ago
          I'm pretty sure this is why (in the US at least) we end up with online gambling sites located at .com addresses with "free" counterparts at .net addresses. You can advertise the free .net sites because they're not gambling with money, but people typing the addresses in simply go to the .com versions.
          • defaultname 4 days ago
            Fascinating! I'd never noticed this before. Normal television is dominated by those free-to-play gambling sites, and as you mentioned overwhelmingly they seem to use .net. I always wondered how they made money.
        • walrus01 5 days ago
          Certainly, though the trend for printing vehicles, business cards, letterheads, outdoor advertising signs and such seems to be to omit the "http(s)://" or "www"... Since in real world use almost nobody is actually typing the http:// into the browser anymore, as might have been necessary when we were running Netscape Navigator in 1999.
          • surround 5 days ago
            > As early as 1996 browsers were already inserting the http:// and www. for users automatically (rendering any advertisement which still contains them truly ridiculous).

            https://blog.cloudflare.com/the-history-of-the-url/

            • walrus01 5 days ago
              That, and in a typical virtualhost based http/https setup now, it's standard DNS configuration to point the A record for the 'root' of the domain (domainname.com) to the same IP address as the www.domainname.com DNS record.
              • rightbyte 5 days ago
                For some reason I typed "www" for an emberessly long time.
            • CivBase 5 days ago
              > Well, unless you put "http(s)://" in front of it.

              Go with "https://www.burrito.services/" and make it blue and underlined, just to be safe. I'm kind of kidding, but I also kind of suspect the blue font and underline would probably be more immediately recognizable for many people than the HTTPS protocol prefix.

              • moehm 5 days ago
                Or "www", as in "www.burrito.catering".
                • hunter2_ 5 days ago
                  That actually strikes me as anachronistic, because it became popular to drop "www" (not only in print media, but also in the canonical FQDN) well before these sort of TLDs became available.
                  • moehm 5 days ago
                    This is correct, though I still believe most people understand the meaning that it's a website if I prepend the "www".

                    On the other hand, I guess most people probably aren't typing the url out anyway but googling it instead.

                    • walrus01 5 days ago
                      Also correct, though using my example and weird new TLDs, let's say in a theoretical example I see a bus stop outdoor advertising board on the street that says:

                      "BURRITO.CONSULTING"

                      I'm going to think, "uhhh, is that a website? Well, I recognize .consulting as a TLD. I guess it must be. But that's weird..."

                      but then if i see the same sign

                      "WWW.BURRITO.CONSULTING"

                      I'm going to think: "Well that's definitely somebody's website, but what a weird and anachronistic way of printing it, and why is it using one of those new long generic TLDs anyways..."

                      • fogihujy 5 days ago
                        Yes, 'www.burrito.consulting' looks akward, but most people born after 1960 will recognize it as the URL for a web site.

                        People outside tech generally don't realise that domain.tld and www.domain.tld are two separate hostnames, and adding www. makes it much more recognizable to the general public.

                        • deepstack 5 days ago
                          yeah it is a techy thing. Most people who are not techy use "WWW", we just got to go with this. Edit your web server config to handle that.
                          • stephenhuey 5 days ago
                            Exactly. There is plenty of discussion to be found online in techie circles, but in short, if you’re going to use a naked domain to host your website, at least redirect www to it.
                      • toshk 5 days ago
                        On sites for government we always have lot of confusing emails if we don't also make the www in front of subdomains work:

                        So for subdomain.burrito.com, we redirect the wwww.subdomain.burrito.com

                        People are just so used to it.

                        • Mauricebranagh 5 days ago
                          No that was just idiots being fucking lazy
                          • hunter2_ 5 days ago
                            Lazy? Running without www can actually be a decent amount of work:

                            1. Avoiding the relatively common pairing of {a host whose IP address changes without warning so you need to CNAME it; a DNS provider that doesn't offer CNAME flattening a.k.a. ALIAS a.k.a. ANAME}.

                            2. Scoping session cookies so user agents don't also send them to your subdomains.

                            And maybe even more stuff I'm forgetting.

                        • rbonvall 5 days ago
                          I think none of http, www or .com actually work anymore for all audiencies. What I see more often is stuff like "<instagram logo> @burrito_catering" or "<facebook logo> burrito_catering".
                          • walrus01 4 days ago
                            It is interesting to see the same signs and logos on non-north american businesses where much the same approach has been adopted for GFW-compliant things within China, where a retail store might have some nice glossy logos for alipay, wechat pay, weibo and qq
                        • fireattack 5 days ago
                          Interestingly burrito.catering used to be a thing it looks: https://web.archive.org/web/20180804010349/http://burrito.ca...
                          • scythe 5 days ago
                            I think that's a good thing. There should not be an unmitigated explosion of TLDs. A few will pop up that appeal to lots of users, say .taco, and the .com monoculture can be split into a manageable number of TLDs.

                            Humanity is great at this stuff. Natural language is enervated with side channels everywhere. At some point, people may converge on "what a TLD looks like" and new TLDs will often have an ineffable TLD-ness about them.

                            • riffic 5 days ago
                              > There should not be an unmitigated explosion of TLDs.

                              too late.

                              • nine_k 5 days ago
                                I think the reverse is going to happen. In the search for short, expressive names more TLDs are going to proliferate, so eventually many common words will become TLDs. It will be hard to know what is a TLD, except for a few old, well-known ones, like .com, .org, .net, etc.
                            • sameerds 5 days ago
                              I think those custom TLDs will work just fine. It might confuse customers a bit, but most of them will just type "burrito.catering" in Google and miraculously reach the correct website anyway.

                              EDIT: In case it's not obvious, the fact is that most people don't type the website address in the URL bar. They type it in the Google search bar.

                              • Asdrubalini 5 days ago
                                Most people don't even know that .catering is a domain name, so they might not recognize it as an actual website... burrito-catering.com would be much better imho
                                • hombre_fatal 5 days ago
                                  Also, a weird TLD like ".catering" usually means you're trying to use a generic word in the domain name, "burrito" in this case, which makes it even harder to remember than something more unique + ".com".

                                  The effect is that people have to now remember two generic dictionary words. "burrito" and ".catering", or wait, wasn't it "tacos" and ".food" or something? And like you said, I'm sure most people don't even recognize that ".catering" is a TLD, whatever that is, and the domain name just looks like `<genericword>.<genericword>` making it all the more confusing and arbitrary.

                                  It's like having to remember where the periods went in "del.icio.us" and, if you couldn't, googling "delicious" (until it caught on) was incredibly unhelpful. Just like googling "burrito catering" doesn't necessarily take you to "https://burrito.catering".

                                  I think even a random brand name + ".com" is still preferable to most of these new TLDs.

                                  • LeifCarrotson 5 days ago
                                    Even then, you've got a large SEO and trademark barrier. Can you out-rank Qdoba for the words "burrito" and "catering"? If you do, can you use your trademark recognition to fend off competitors at better-burrito-catering.com?

                                    Like Qdoba, choose something unique. The domain caterrito.com is a little overspecific, but memorable, unique, easily trademarked, and available.

                                    • sameerds 4 days ago
                                      I think there's a problem worth solving here. With the DNS, people didn't have to bother remembering IP addresses or even know what they mean. With search engines, people no longer have to bother remember URLs or even know what they mean. That's a good thing, IMHO.

                                      All we need now is to create a syntax for "internet identifiers" which is instantly recognizable as such. Enter ... drumroll ... @burrito.catering?

                                      The choice of generic words like "burrito" and "catering" is a marketing decision. The original example was mostly a placeholder.

                                      • smichel17 5 days ago
                                        Maybe it's time for good 'ol www to make a comeback.
                                      • frosted-flakes 4 days ago
                                        If I tell my mother to go to a specific website (example.com), she will go to google.com, wait for the page to load, then type the website into the search box and semi-randomly click a result, which isn't always the correct one. I've explained to her that if she has a web address, she can skip the googling step, but she doesn't seem to get it.

                                        I've also tried explaining to her that the address box doubles as a search box, but she still goes to google.com to search. ¯\_(ツ)_/¯

                                        • OldTimeCoffee 5 days ago
                                          At this point the URL bar is a search bar.
                                        • ipython 5 days ago
                                          I had a similar experience with a side project. I used an .app tld since it was available and, hey, it seemed kind of cool. Then I told my friends and they were totally confused- “your apps not on the App Store?”

                                          Ugh. Lesson learned.

                                          • mr_cyborg 5 days ago
                                            I own a .app domain and in naming a folder on my Mac that I lost the ability to open the folder in Finder. Cracked me up and outside of the terminal I could find no solution.
                                            • mschuster91 5 days ago
                                              Right click and View Content should help you out
                                              • mr_cyborg 4 days ago
                                                This is good to note. I remember I was trying to hit return to rename it and that would just open it. I was probably tired because I felt so flabbergasted! It looks like you can rename from right click too. Not sure how I missed that
                                              • scsilver 5 days ago
                                                Theres a mac toggle to show hidden files/folder in finder. The prefix . makes those folders hidden
                                                • mr_cyborg 4 days ago
                                                  Thanks for this reply - for me it was “website.app” so this wouldn’t have applied
                                            • lkuty 5 days ago
                                              I might think that your company is providing Haskell consulting services since monads are like burritos [1].

                                              [1]: https://blog.plover.com/prog/burritos.html

                                              • phreack 5 days ago
                                                How about putting a Chrome icon next to 'burrito.catering' as if it were a social network? The implications are awful but the results might be effective
                                                • walrus01 5 days ago
                                                  I fear we are going that way. It's already become almost a default industry standard for a lot of retail customer facing things to have the trifecta of nicely rendered, equally sized icons for facebook, instagram and twitter next to their brand name.
                                                • vmception 5 days ago
                                                  If your engagement strategy relies on users typing in your domain name you need to sue whatever time displaced guru faxed you their internet marketing manual
                                                  • walrus01 5 days ago
                                                    Not my point at all, rather, that a well chosen domain name that's immediately recognizable as such, and a part of the corporate identity and trademarks, is an essential part of having an Internet presence.

                                                    Also ultimately your domain name and wherever its MX record points to is the start of authority for setting up official business accounts with all of the popular social media promotion channels (you sure aren't letting your social media people run the company instagram page from an account linked to their personal gmail accounts, are you?)

                                                    By no means would I say that people should ignore all the other ways of driving traffic to a company's online marketing presence, via all other modern means of social media (instagram, tiktok, facebook, twitter, whatever is the new hot thing of the current year). And having a dedicated app, partnership with third party food ordering services if you're something like a burrito delivery service.

                                                    • dkersten 5 days ago
                                                      > you sure aren't letting your social media people run the company instagram page from an account linked to their personal gmail accounts, are you?

                                                      If you're running a burrito truck, there's a good chance this is exactly what's happening.

                                                      • walrus01 4 days ago
                                                        In the theoretical example I didn't literally mean a burrito truck, but a silly example of "I'm running a business in $marketsegment and I'm going to print all my company vehicles with $companynameurlrelatedtomarketsegment". The burrito part was chosen as a placeholder much as we might use Alice, Bob, Charlie in a discussion of cryptosystems.
                                                        • dkersten 3 days ago
                                                          I think my statement holds for most small non-tech businesses.

                                                          Many of them have companyname@gmail.com business email addresses and while I hope their social media accounts are at least registered from that email account, I wouldn't be surprised if many are linked to a personal account. That is, if they have a dedicated email account for the business at all. Especially with older non-tech-savvy small business owners, there's a chance they just use whatever email address someone made for them.

                                                  • ratww 5 days ago
                                                    Another thing about new domains is that sometimes they can get caught up in spam filters.

                                                    I already suspected that reliably sending an email from an .xyz domain is very difficult, but I learned the hard way that that lots of enterprise filters also block emails that contain links to any domain ending with .xyz, so we had to use something less fancy, so a longer .com was it.

                                                    • c22 5 days ago
                                                      I think most people these days may not use URLs at all. They will type whatever is written on the side of your truck into their search engine, which is also their address bar, and they will click on the first result.
                                                      • They will probably type whatever is written with the name of the city after it
                                                    • Doctor_Fegg 5 days ago
                                                      Coming up soon in this series:

                                                      - Ben Shapiro was not the secret 7th member of Monty Python

                                                      - wildebeest did not solve Fermat's Last Theorem

                                                      - Joey from New Kids on the Block is not the real author of Bach's Toccata and Fugue in D minor (BWV 565)

                                                      • lolinder 5 days ago
                                                        You joke, but I was told this myth about .org multiple times over my education by multiple teachers, including in college. It might be terribly obvious to you, but there are hundreds of thousands of teachers who teach this wrong.
                                                        • lucideer 5 days ago
                                                          True, but I think "org, specifically, is not credible" is the wrong counter to people teaching that "org, specifically, is credible".

                                                          The appropriate counter is: "learn to think critically"; replacing one narrow blindly-followed fallacy with another isn't progress.

                                                          Credibility cannot be inferred from tlds.

                                                          • hoten 4 days ago
                                                            I agree, but felt like confirming it anecdotally.

                                                            I asked my two sisters, in their 20s (not in tech): they both had this misconception from school. A friend (not in tech) did too, but only until he tried registering a domain of his own and saw he could get .org. My mother (also not tech savvy) trusts .gov more than .edu or .org, but didn't realize that anyone can purchase the latter ones.

                                                            I asked her why she trusted .gov over the others, she paused and laughed as she said "well the government wouldn't lie to you!" :)

                                                          • antod 5 days ago
                                                            Yeah right, what's next? The author of the site isn't actually a ninja?
                                                        • jancsika 5 days ago
                                                          The author makes some good points. But since they are published on an `.org` site I must reserve judgment.

                                                          Therefore, I am forced to fall back to my default position that `.org` sites are inherently credible.

                                                          With that in mind, I object to all the points the author makes.

                                                          In conclusion, we should cut off the oxygen to all astronauts currently in hibernation.

                                                          • campital 5 days ago
                                                            If you object to all the author's points, do you also object to the fact that .org domains are not always reputable? If so, then this website must be reputable, and therefore all of its points are true. But, unfortunately, the website itself asserts that not all .org domains are reputable.

                                                            Wait... RecursionError: maximum recursion depth exceeded

                                                          • gnicholas 5 days ago
                                                            In other news, grey text on a light grey background is terrible to read (especially with such a light font weight).
                                                            • slaymaker1907 5 days ago
                                                              If you are on desktop, there are two CSS color rules to disable in order to get the color reasonable. Just click on the paragraph in inspector and they should be easy to find. The site should just work out of the box though, just wanted to provide a workaround for people who aren't red-tailed hawks.

                                                              Also wanted to add that for sites you go on a lot, Amino seems to be a pretty good browser extension for saving modifications persistently.

                                                              • nine_k 5 days ago
                                                                Reader Mode is Firefox and Safari remove most of unnecessary styling and other non-essential elements. Highly recommended with text pieces.
                                                              • sedatk 5 days ago
                                                                Not just the colors. The site's presentation with complex UI elements is confusing at best. I wish it was laid out like https://motherfuckingwebsite.com/ Much clearer.
                                                                • tapvt 5 days ago
                                                                  Yes. I wasn’t able to read the content on mobile at all and I have okay eyesight.
                                                                  • skytreader 5 days ago
                                                                    I also didn't realize the carousel of screenshots has a caption specifying the site name. Which I thought was an odd oversight.

                                                                    Then I realized the site name is in a thin red font on a dark background.

                                                                    • maccard 5 days ago
                                                                      Reader mode in firefox is what you want here.
                                                                      • kevincox 5 days ago
                                                                        The fact that reader modes exist is a story about the sad state of the web. They are a useful hack for users but we should not have to rely on them.
                                                                        • maccard 5 days ago
                                                                          I think it's a testament to firefox wanting to provide a better experience for the web.
                                                                      • dogecoinbase 5 days ago
                                                                        is this a criticism of the linked site, or HN?

                                                                        ... and to stay on topic, .org may not be credible, but the indistinguishable-at-a-glace .ong is absolutely vetted. So keep an eye our for that ;)

                                                                        • SamBam 5 days ago
                                                                          The linked site, obviously. It handily fails accessibility guidelines, far more-so than HN.
                                                                          • the_pwner224 5 days ago
                                                                            The gray text is intentionally used for this purpose on HN.
                                                                            • gnicholas 5 days ago
                                                                              This is arguably still an accessibility concern because there's no easy way to make the text readable. Perhaps hovering over it could make it show in black? I've tried highlighting it, but that doesn't work very well because my highlight color is light blue by default (I think I could change it but wouldn't do so just for this purpose).
                                                                              • vulcan01 5 days ago
                                                                                If you click on the timestamp (i.e. "2 hours ago") you will get a fully readable comment.
                                                                                • computator 5 days ago
                                                                                  That only works if you're logged into Hacker News.
                                                                                  • gnicholas 5 days ago
                                                                                    Wow, have been on this site for nearly a decade and I just learned two things! I wonder why there is different greying behavior for people who are logged in?
                                                                                • cfjgvjh 5 days ago
                                                                                  I'm on Firefox and it has a pretty deep blue for highlight color. Maybe it's an accessibility concern of the browser as opposed to HN? I don't think making the text lighter interferes with screen readers for example.
                                                                                  • gnicholas 5 days ago
                                                                                    Yes, but people who have normal-ish vision don't have or know how to use dedicated screen readers. I could figure out how to have my browser or OS read aloud, but I generally don't want to have things read out loud to me. I just want to be able to read them visually.

                                                                                    I think my highlight color is set at the OS level, at least on my Mac.

                                                                          • superkuh 5 days ago
                                                                            The dot org organization itself isn't even credible. They tried to destroy the domain and cash out.
                                                                          • Danski0 5 days ago
                                                                            Is this article old? Haven't heard anyone say or believe that .org is anything special in 10years. Who is saying this? Same books that claims smoking is good?
                                                                            • necovek 5 days ago
                                                                              To be honest, I wonder more how did anyone ever get this idea? Looking at whois records for my personal .org domains, some of them have been registered since 2003 (I also have a .net from 2002): I was a student back then!

                                                                              I guess the fact that I was heavily involved in open source (where every single project used .org domain if available) never made me think they were in any more "reputable" than eg. .com.

                                                                              So, how did anyone ever get the notion that they were restricted to non-profits? I know that "choosing your domain name" guides at the time mentioned how .org is a good candidate for non-profits, but how did that evolve into "only registered non-profits can get a .org domain"?

                                                                              • npongratz 5 days ago
                                                                                Interestingly, Wikipedia's entry claims (without citation!) that .org "was originally intended for non-profit organizations or organizations of a non-commercial character that did not meet the requirements for other gTLDs." [0]

                                                                                I believe RFC 920 [1] was the guiding document when .org was established in 1985. It cites no restrictions on .org second level registrations, merely that "ORG = Organization, any other domains meeting the second level requirements."

                                                                                [0] https://en.wikipedia.org/wiki/.org#History

                                                                                [1] https://tools.ietf.org/html/rfc920

                                                                              • I agree. Im pretty sure I remember a teacher saying this in like 2007.

                                                                                If you look at the provided examples of .org miseducation, they seem to be quite old.

                                                                              • surround 5 days ago
                                                                                > There are no hard and fast rules that will readily determine whether a website is credible. I think that teaching people that they can simply look for .org in the URL and immediately accept a website as credible can do more harm than good.

                                                                                > Instead, we should be providing everyone with the critical thinking tools they need to evaluate and assess sources themselves.

                                                                                This kind of thinking is incredibly important. Many believe in only following one or two "credible" news sources instead of trying to get the point of view from a variety of outlets. Others like to block a list of websites which someone decided was fake news.

                                                                                There is no easy way to determine what is true and what is false. In fact, most of the time there is no definite "right" and "wrong" - instead, both sides of an issue will have important pieces to consider. In fact, there's hardly ever just two sides to an issue, rather, a wide range of opinions.

                                                                                I was not taught this in school. I was taught to trust .org websites.

                                                                                • exporectomy 5 days ago
                                                                                  How on earth did your teacher think .org was trustworthy?

                                                                                  A trouble with trusting news that's true instead of fake is it misses the point that even true news gives a false feeling even if all the facts are true. They use scary language, omitting inconvenient facts, subjective exaggerated sounding words, quoting real people stating false facts, etc. Those feelings have actual consequences on how people vote and what decisions they make. For example, the great Pacific garbage patch was shown dramatically on TV a so dense you could just about walk on it and led to people not wanting to put plastic bags in the landfill. They were so overwhelmed by the demonization of plastic, they didn't pay attention to the facts. That whole Trump thing was filled with it too. They didn't really lie but they made all his actions sound bad so people hated him.

                                                                                  • Jordrok 5 days ago
                                                                                    You're right that media can be manipulative without explicitly lying, but let's be clear, Trump's actions alone were more than enough to make people hate him without any media manipulation whatsoever. All that hate was earned.
                                                                                    • exporectomy 4 days ago
                                                                                      Not really. New rules were invented just to make him be wrong. Like those issues with the Mexico border and aggravating North Korea. Biden has recently aggravated North Korea too but people don't seem to be afraid he's starting a nuclear war like they were when Trump did it. Biden also hasn't opened the border with Mexico to allow visa-free entry yet people aren't calling him a racist for it.

                                                                                      He certainly did some really bad things like mismanaging Covid, but most of the hate was about things he said, not things he did like invading Iraq or wiretapping his political opponents' headquarters like previous widely hated presidents have done.

                                                                                      Some of the hate was even about his physical appearance - the color of his skin, his hairstyle, the shape of his hands, etc. That absolutely wasn't earned. It was just hateful people spreading hate.

                                                                                      • Jordrok 3 days ago
                                                                                        Are you kidding me? Sure you can make it sound trivial if you give the weakest possible examples.

                                                                                        Let's talk about the border: Trump literally campaigned on the slogan "I'll build a wall and have Mexico pay for it." And what did he do in reality? When attempts to make Mexico pay for it failed miserably, as predicted by anyone with common sense, he begged and bullied congress (to the point of a government shutdown, no less) to put aside American taxpayer dollars for it. When that too failed, he attempted to pilfer money from various other government departments like homeland security and defense. By comparison, Biden has shut down construction and returned that money for its original uses. And I'm not even sure what you're talking about with that "open borders" nonsense. Nobody has ever actually advocated for that other than the bogeymen from the fevered nightmares of Fox News commentators. You're buying into your own propaganda.

                                                                                        As for North Korea, they were antagonized by Biden calling their nuclear program a "serious threat" to American and world security. What did Trump say again? Oh yeah, he called Kim Jong Un "Little Rocket Man" and said that North Korea "will be met with fire and fury like the world has never seen". I consider us all lucky that so much of Trump's administration turned out to be all talk and no action.

                                                                                        And yes, Covid. How many hundreds of thousands of Americans are dead because he refused to acknowledge reality and continued to lie and undermine public caution towards the pandemic? What other moron could possibly turn something so simple, easy, and painless to do as wearing a mask in public into a full blown culture war? Now we have grown adults whining and crying like petulant toddlers when asked to put on a fucking mask.

                                                                                        Yes, now I'm starting to lose my temper and ramble, but fuck it. That's how angry I get when I see people try to minimize the monstrous idiocy of the Trump presidency as just being the big bad news media out to get poor Trump. I could go on and on like this, but instead maybe I'll just call him a fat, orange, tiny handed imbecile with the world's most absurd combover - not because I hate him for these things (honestly, I couldn't care less about his appearance) - but because it relieves a little bit of the anger caused by him constantly running the country into the ground while claiming that he's making it great.

                                                                                • jccalhoun 5 days ago
                                                                                  People are asking who believes this and I can tell you: my college students. Every semester I talk about researching and when I ask them how they can tell if a web site is credible at least one will say if it is a .org or .edu.

                                                                                  Then I show them http://www.dhmo.org/ and a .edu hosted anti-science web site from a religious university to prove it isn't true. Then on the test they still say you can tell if a site is credible because it is a .org or .edu...

                                                                                  • zqfm 5 days ago
                                                                                    I'm in my 30s and finally going to college and can confirm that many of my fellow students (most in their teens or early 20s) believe that .org domains are credible. I've pointed out that anyone can buy one for $10 so hopefully some have taken that to heart, but I wonder where are they getting this from?
                                                                                    • the_only_law 5 days ago
                                                                                      > .edu hosted anti-science web site from a religious university to prove it isn't true.

                                                                                      Got the link to this one, I’m curious on the specific topics they argue against and if I know the university.

                                                                                      • jccalhoun 5 days ago
                                                                                        The one I use is basically trying to prove their religious text is correct even though science says that animals mentioned in the religious book were not native to that area.
                                                                                    • crazypython 5 days ago
                                                                                      ".ngo" requires validation of an organization's status as a Non-Governmental organization. It is administered by the same registry as .org.
                                                                                      • csnweb 5 days ago
                                                                                        You actually need to provide some document proving you are charitable. This is the criteria catalogue:

                                                                                        Focused on acting in the public interest: Whether in support of education or health, the environment or human rights, members of the community work for the good of humankind and/or the preservation of the planet and do not promote discrimination or bigotry. Non-profit making/non-profit-focused entities: While many NGOs and ONGs engage in commercial activities or generate revenue in support of their missions, members of the community do not recognize profits or retain earnings.

                                                                                        Limited government influence: Recognizing that many NGO and ONG organizations have important interactions with government, not least for reasons of funding (which may include receipt of some government funding in support of their programs) members of the community decide their own policies, direct their own activities and are independent of direct government or political control.

                                                                                        Independent actors: Members of the community should not be political parties nor should be a part of any government. Participation in the work of a NGO/ONG is voluntary.

                                                                                        Active Organizations: Members of the community are actively pursuing their missions on a regular basis.

                                                                                        Structured: Members of the community, whether large or small, operate in a structured manner (e.g., under bylaws, codes of conduct, organizational standards, or other governance structures.)

                                                                                        Lawful: Members of the .NGO and .ONG community act with integrity within the bounds of law.

                                                                                        • erik_seaberg 5 days ago
                                                                                          What’s to verify, do they require a corporation with a charter and shareholders?
                                                                                          • csnweb 5 days ago
                                                                                            Please see my comment to the parent. You will need to prove you are charitable. They have a list of seven points you need to fulfill.
                                                                                            • rsj_hn 5 days ago
                                                                                              Kiwanis Club is a non-governmental organization. So is the Assemblies of God churches. And Exxon.
                                                                                          • morpheuskafka 5 days ago
                                                                                            > The common explanation is that only non-profits, professional associations, and other organizations are able to register a .org domain name.

                                                                                            Even if that were true, how would it indicate any credibility? Being a nonprofit (a) is defined differently in every country and (b) in the US, just means that the organization advances some sort of social purpose (may or may not be one you agree with) and does not accrue profit on behalf of its members. It in no way means they are trustworthy nor that they are qualified to speak on the issue at hand.

                                                                                            • dragonwriter 5 days ago
                                                                                              > in the US, just means that the organization advances some sort of social purpose

                                                                                              No, it doesn’t even mean that, unless “social” is defined away to meaninglessness, since a nonprofit can serve virtually any imaginable human purpose; it.can’t return a profit, but it can exist to drive on for a group of firms (trade associations are a valid class of tax-exempt nonprofits.)

                                                                                              Some categories of nonprofits, particularly donation-deductible charities, are defined by social purpose, but the category as a whole is not.

                                                                                              • Mauricebranagh 5 days ago
                                                                                                One of the previous bidders for .org wanted to limit it to only the US definition of "non profit"

                                                                                                Which meant that the Red Cross did not qualify - that application quickly got kicked out I seem to recall

                                                                                                • cratermoon 5 days ago
                                                                                                  Agreed. There are plenty of organizations that have gotten 501(c)3 not-for-profit status that are, shall we say, of questionable credibility.
                                                                                                • tjbiddle 5 days ago
                                                                                                  Back when I was 12 or so, I remember arguing with my "Computer Teacher" about various TLDs.

                                                                                                  I had a similar point that ".com" doesn't need to be a commercial entity.

                                                                                                  She continued to berate me in front of the class. I got detention and was told that all my .com domains were illegal.

                                                                                                  Ah - the educational system at it's finest.

                                                                                                  • HenryBemis 5 days ago
                                                                                                    I came up with the below around 20 years ago when I was first exposed to tech-teachers (outside Uni) and auditors (work) (I blame it on reading too much Dilbert)(I am aware that the 1,2 are common, I thought of 3,4 at the time)(I wouldn't be surprised if 3 is common)(but 4 is definitely mine)(I honestly believe I came up with 3,4 - it was 20 years ago so apologies if I remember that wrong).

                                                                                                    1) Those who can, do.

                                                                                                    2) Those you can't do, manage. (partially "Peter Principle" imho)

                                                                                                    3) Those who can't (even) manage, teach.

                                                                                                    4) Those who can' (even) teach, audit.

                                                                                                  • dimal 5 days ago
                                                                                                    Not sure what this site is doing to screw up scrolling but jeez... it seems like my $4000 MacBook Pro should be able to handle scrolling a static webpage. But nope, this is jittery as hell, in both Safari and Chrome.
                                                                                                    • walrus01 5 days ago
                                                                                                      time for a new domain name about how janky CSS and excessive javascript doesn't mean credible. It looks fine for me but I think that's because ublock origin is doing its job.
                                                                                                      • aembleton 5 days ago
                                                                                                        Strange. Firefox on my Android phone is having no issues

                                                                                                        Is it running some Javascript triggered by the scroll event? I've blocked that with a ublock rule.

                                                                                                      • annoyingnoob 5 days ago
                                                                                                        Its on the internet, you need to question its credibility from the start. The rest is just details. The internet is the wild west and you need to look out for yourself at all times.
                                                                                                        • CivBase 5 days ago
                                                                                                          I don't think this practice should be limited to the internet. Question what you watch on TV. Question what you read in newspapers. Question what you hear from political leaders, activists, pundits, economists, teachers, and even scientists. Think critically about what you see and hear, regardless of the source. Look for evidence and second opinions from multiple sources with a history of credibility. There are many individuals and organizations out there who benefit from your support and none of them are incorruptible.
                                                                                                        • c3534l 5 days ago
                                                                                                          My counterpoint whenever a teacher said this in school: 4chan.org
                                                                                                          • falcolas 5 days ago
                                                                                                            Always remember, 4chan is a .org .
                                                                                                            • walrus01 5 days ago
                                                                                                              goatse dot org is a real website too, but thankfully it just has text which says "hello.jpg" instead of the actual goatse
                                                                                                              • toast0 5 days ago
                                                                                                                Everybody knows that type of content is associated with the christmas islands. Not .org.
                                                                                                                • devenblake 5 days ago
                                                                                                                  I wonder if the site admin would be willing to sell to a fan?..
                                                                                                              • jedimastert 5 days ago
                                                                                                                I have a distinct memory of a high school class:

                                                                                                                We were being taught about the internet. The teacher made a weirdly specific rant about how wikipedia was unsafe. Two slides later and we were told that org domains were more trustable than com. I pointed out that wikipedia was an org domain. I was sent to the principal's office.

                                                                                                                Fun times.

                                                                                                                • jcranmer 5 days ago
                                                                                                                  Our classroom discussion of Wikipedia was "You should never cite Wikipedia... because it's an encyclopedia, and you should never cite encyclopedic knowledge anyways." Otherwise, the general sentiment of Wikipedia at school was that it was a good resource for finding resources.

                                                                                                                  As for .com versus .org, I think we may have been told that .org was somewhat more trustworthy than .com. But we were generally told to favor .gov over both anyways; outside of that, it was a matter of understanding the webpage context to know who was publishing the content and attempting to assess their biases and how that affects the trustworthy content. Definitely would have been something about how even a .edu page might not reflect academic research anyways (since students might have their own personal webspaces on a .edu site).

                                                                                                                  • nsxwolf 5 days ago
                                                                                                                    The further back in time you go the more ignorance and skepticism of Wikipedia you find. When I was in college in the early 2000s the professors would say “don’t use Wikipedia, anyone can edit it so you can’t trust anything it says”
                                                                                                                    • pdonis 5 days ago
                                                                                                                      The thing about Wikipedia is not so much that it's "unreliable", it's that, for any topic that is at all disputed, in order to know if what you're reading on Wikipedia is reliable, you have to already be knowledgeable about the topic, in which case you don't need to find out about it on Wikipedia.
                                                                                                                      • livre 5 days ago
                                                                                                                        In order to know if anything you are reading anywhere is reliable you have to already be knowledgeable about the topic. It doesn't matter if you are reading about it on Wikipedia, a random blog, a printer book or a published paper. The thing about Wikipedia is that for most popular topics that you aren't knowledgeable about you can be sure they've been reviewed by thousands of users and kept somewhat reliable and up to date, unlike reading the same topic on a random blog or an old printed book.
                                                                                                                        • pdonis 4 days ago
                                                                                                                          > In order to know if anything you are reading anywhere is reliable you have to already be knowledgeable about the topic.

                                                                                                                          Not necessarily. Consider a good textbook or paper on, say, physics, for example. The textbook will not just tell you things, perhaps with a bunch of references. It will actually construct the theoretical model(s) it is going to use, step by step, starting with premises that are either common knowledge or are supported by experiments (an example of the latter is the premise that the speed of light is the same in all inertial frames, which Einstein used to construct the theoretical model of special relativity in his famous 1905 paper). You don't have to already be knowledgeable about the topic to evaluate what you're reading. You can evaluate it on its merits: are the premises true, or at least reasonable? Is the construction of the model valid?

                                                                                                                          There are some articles on Wikipedia that actually try to do this; but the ones that do it correctly, that I've seen, aren't on topics that are at all disputed. That's why I put that qualifier in my statement.

                                                                                                                          > The thing about Wikipedia is that for most popular topics that you aren't knowledgeable about you can be sure they've been reviewed by thousands of users and kept somewhat reliable and up to date

                                                                                                                          You must be joking. Most articles on Wikipedia have only been reviewed by a small number of people. And for any topic that is at all disputed, those people are all partisans, and usually they are mostly partisans of one side, who revert or overwrite any contributions they disagree with. In some cases, when there are vociferous partisans on both sides, the whole process breaks down and it's basically impossible to get any useful content into an article.

                                                                                                                        • strken 5 days ago
                                                                                                                          This is true for books and other sources too. I remember reading that really popular sleep book, then going and looking at the papers it cited and seeing the first one I read showed the 7 hour bucket had lower all-cause mortality than the 8 hour bucket. I also remember an article posted on HN at the start of the pandemic that claimed masks were ineffective, but as proof cited a study that showed the best mask fabric blocked 99% of aerosoles and the worst blocked 20%.
                                                                                                                          • pdonis 4 days ago
                                                                                                                            > This is true for books and other sources too.

                                                                                                                            Yes, agreed.

                                                                                                                          • KMnO4 5 days ago
                                                                                                                            Every now and then I play the “is it bullshit” game on Wikipedia. When I come across a reference that just gives me a gut feeling as being off, I’ll follow up on the citation.

                                                                                                                            Usually it’s just a strangely worded sentence (common on biographies of not-famous people). Every now and then I’ll find completely fabricated information with sources that either a) don’t exist at the URL or b) say something completely different.

                                                                                                                      • MattGaiser 5 days ago
                                                                                                                        Similar memory. Librarian went on a rant about the evils of Wikipedia and instead directed us to these random websites.

                                                                                                                        Wikipedia at least has some level of review.

                                                                                                                    • ipython 5 days ago
                                                                                                                      There are very few well known tlds that have real restrictions on applicants, so why not just generalize and say “the internet doesn’t mean credible”? I guess it’s hard for me to empathize since I’ve lived through the 90s and own a dot org myself.
                                                                                                                      • userbinator 5 days ago
                                                                                                                        There is much irony in hosting this on a .org...

                                                                                                                        On the other hand, I still have an almost instinctive aversion to all the sites with new TLDs that I come across in search results, because they almost always seem to contain SEO spam or similarly vapid content.

                                                                                                                        Likewise, .ws and .us used to be the TLD of choice for cracks, warez, and all the "fun" stuff.

                                                                                                                        Either way, I think all TLDs do have an implicit bias associated with them. For me, .com .org and .net are a neutral connotation. They don't mean "credible", but also don't "stick out like a sore thumb" unlike some of the other newer ones.

                                                                                                                        • walrus01 5 days ago
                                                                                                                          > On the other hand, I still have an almost instinctive aversion to all the sites with new TLDs that I come across in search results, because they almost always seem to contain SEO spam or similarly vapid content.

                                                                                                                          for SEO stuffers, spams, scams and phishes, a lot of these new TLDs are popular because they're used in a disposable fashion. Many of them have first year promotional pricing of $2 to $6 to register the domain (as compared to $9-10 for a .com), but the price goes up to $25/year for all subsequent years. People using the domain names like a throw away paper towel, registering dozens or hundreds of them, only care about the first year cost, because there's no way they're going to keep using the same one beyond 12 months.

                                                                                                                          • rsj_hn 5 days ago
                                                                                                                            am holding out hopes to grab foo.vapid
                                                                                                                          • logifail 5 days ago
                                                                                                                            > "Many textbooks, online research guides, and other resources claim that a .org domain name is an indicator of credibility"

                                                                                                                            In other news: content author fails to provide sources for claims.

                                                                                                                          • mgarfias 5 days ago
                                                                                                                            I’ve “owned” a .org since 1999. It’s never meant anything.
                                                                                                                            • nannal 5 days ago
                                                                                                                              I own govassure.org and use it for phishing engagements, it was easy to get org as it was com.
                                                                                                                            • HeavenFox 5 days ago
                                                                                                                              One of my pet peeves is that Coursera uses .org domain. A YC-backed billion-dollar-valuation public company.
                                                                                                                              • mr_toad 5 days ago
                                                                                                                                They probably couldn’t get an .edu domain.
                                                                                                                              • mattowen_uk 5 days ago
                                                                                                                                IIRC, back in the day the idea was that .org's couldn't host commercial services, or run ads. Never really enforced though, so yeah, pointless.

                                                                                                                                Also, I own a .org , and I'm not sure I'm credible at all, so quod erat demonstrandum, I guess.

                                                                                                                                • > couldn't host commercial services, or run ads.

                                                                                                                                  Correct is was intended for non-profits, while I don't know that was ever enforced.

                                                                                                                                  However when .org was created nobody was thinking about ads. They appeared maybe ten years later.

                                                                                                                                • btucker 5 days ago
                                                                                                                                  Carnegie Mellon had a rule (mid-2000s) that you could only host .orgs from the static IPs you could register on your dorm Ethernet. I launched openpodcast.org & bibme.org as a result of that. I always thought it was a senseless rule.
                                                                                                                                  • riffic 5 days ago
                                                                                                                                    how would they enforce that?
                                                                                                                                  • jaza 4 days ago
                                                                                                                                    Any .org.au domain has to be a registered Australian not-for-profit (there are currently 11 allowed types). Similarly, any .com.au or .net.au domain has to be a registered Australian business. I assume various other countries are similarly strict about legitimacy of domain ownership, I've never checked. And yes, I know, these TLDs have nothing to do with .org / .com / .net, as such, except that they look similar.

                                                                                                                                    So, for .org.x domains for certain x at least, it does mean credible.

                                                                                                                                    • kissgyorgy 4 days ago
                                                                                                                                      Technical people know this, non-technical people will click Continue on huge red pages warning for phishing. Not sure who is the target audience for this website.
                                                                                                                                      • remix2000 5 days ago
                                                                                                                                        Sure it doesn’t, as claims that a reputable site like thepiratebay.org might be “sketchy” are… not very credible. :P

                                                                                                                                        Restricting access to .org to just registered non-profits would be just pointless, because there are some notable parties that may not ever receive official recognition, e.g. human right activism in Belarus.

                                                                                                                                        Unless .org would be restricted to US-based organizations only, that would make a whole lot more sense.

                                                                                                                                        • Semiapies 5 days ago
                                                                                                                                          But it lists Pirate Bay twice--it must be so!
                                                                                                                                        • throwaway09223 5 days ago
                                                                                                                                          "The use of ARPA as a Top Level Domain was only temporary, until its hosts selected some other domain. "

                                                                                                                                          Someone tell that to in-addr.arpa, lol. It's certainly still around https://www.iana.org/domains/arpa

                                                                                                                                          The author really should've checked later RFCs.

                                                                                                                                          • That is just further proof that .org doesn't mean credible.
                                                                                                                                          • don-code 5 days ago
                                                                                                                                            There was a time that some Microsoft software was free for evaluation for college students, but in fact, anyone with a .edu domain name was able to sign up.

                                                                                                                                            While I took advantage of this as a high school student, I assume faculty and non-teaching staff, as well as alumni, could have done likewise.

                                                                                                                                            At this point, TLDs matter about as much as your area code. They ceased being useful in the mid-2000s.

                                                                                                                                            • myhikesorg 5 days ago
                                                                                                                                              You can be <anything>.org but it doesn't mean people will find your website, or use it, or tell other people to use it, or even trust it in the first place. Same goes for <anything>.com, <anything>.net, etc.

                                                                                                                                              .org is a great way for low-income websites to stay on the internet. I run a tiny organization, so I use .org.

                                                                                                                                              • m00dy 5 days ago
                                                                                                                                                I now see a lot of crypto projects are now using .org domain.
                                                                                                                                                • amelius 5 days ago
                                                                                                                                                  ICANN brings in millions and they don't even verify domain holders?

                                                                                                                                                  Their mission statement:

                                                                                                                                                  > ICANN's mission is to help ensure a stable, secure, and unified global Internet.

                                                                                                                                                  • sokoloff 5 days ago
                                                                                                                                                    As far as I can tell, the verification is basically an annual email that registrars send reminding domain owners to update their contact information and for which no actual follow up is performed.
                                                                                                                                                  • fungiblecog 5 days ago
                                                                                                                                                    Who would actually believe a domain name means anything?
                                                                                                                                                    • detaro 5 days ago
                                                                                                                                                      If you had no clue about how domains are allocated, why wouldn't you believe it? "These domains are given to group X" sounds totally believable - and is indeed the case for some TLDs?
                                                                                                                                                      • toast0 5 days ago
                                                                                                                                                        .com is for domains that fit into a single segment!
                                                                                                                                                      • drdavid 5 days ago
                                                                                                                                                        About an hour before you:

                                                                                                                                                        >... I still have an almost instinctive aversion to all the sites with new TLDs that I come across in search results ...

                                                                                                                                                        (Among some other comments, that was just the nearest one.)

                                                                                                                                                        So, the likely answer is, "All sorts of people."

                                                                                                                                                        If I'm just browsing, I don't really notice them. I have a bunch of domains, and many are .us because it's nice and short with many names available.

                                                                                                                                                        • jabroni_salad 5 days ago
                                                                                                                                                          Since it's show 'n tell, you can't get a .bank without a bank charter. https, dnssec, tls > 1.2, and dmarc are all mandatory and the registrar does scan everything in your dns zones for violations.
                                                                                                                                                          • tptacek 4 days ago
                                                                                                                                                            That's all pretty performative given that the largest and most important banking sites on the Internet (1) aren't on .bank and (2) don't use DNSSEC; that this is the case despite those banks operating some of the largest and best-resourced security teams in the industry should tell us something.
                                                                                                                                                            • jabroni_salad 4 days ago
                                                                                                                                                              As someone who started their career at an F100 and now consults in the SMB space, all it really tells me is that the change is not worth pushing through the bureaucracy and bringing a new mandatory thing to millions of consumers.

                                                                                                                                                              At a small town bank, whose risk tolerance is maybe one major loss event per decade? Where a given complaint is never more than 3 people removed from the CEO? Who'se antifraud resources are just normal bankers that also have some extra tasks assigned to them?

                                                                                                                                                              Being able to get homoglyph attacks off the risk board at the cost of a few of my billable hours and a week of effort from the marketing person is a no-brainer to them.

                                                                                                                                                              • tptacek 4 days ago
                                                                                                                                                                I mean, small town banks, sure. And also:

                                                                                                                                                                    > $ host -t ds bankofamerica.com                                                                                                               
                                                                                                                                                                    bankofamerica.com has no DS record
                                                                                                                                                          • ibraheemdev 5 days ago
                                                                                                                                                            .edu and .gov mean something.
                                                                                                                                                            • quesera 5 days ago
                                                                                                                                                              There are some legacy registrations for .edu that are held by individuals for their own use.

                                                                                                                                                              I am unaware of any similar (ab)use of .gov or .mil, however.

                                                                                                                                                              And .org never ever meant anything at all.

                                                                                                                                                              • detaro 5 days ago
                                                                                                                                                                A well-known glaring exception with .edu is Academia.edu, which is a commercial paper repository/"social network".
                                                                                                                                                                • astura 5 days ago
                                                                                                                                                                  That's because the domain name "Academia.edu" was registered in 1999 and the current restrictions on ".edu" TLD were put in place in 2001.

                                                                                                                                                                  .mil and .gov have always been controlled by the US government,.and since 2013 local governments in the US may register a .gov domain.

                                                                                                                                                                  • lwf 5 days ago
                                                                                                                                                                    Wow, I didn't realise it was this old:

                                                                                                                                                                    > The URL had been registered back in 1999, before 2001 regulations restricted the “.edu” designation to accredited higher educational institutions. “[D]espite its misleading top level domain,” noted Kathleen Fitzpatrick (2015), head of scholarly communication at the Modern Language Association, “Academia.edu is not an educationally-affiliated organization, but a dot-com.” Like other prior domain filings, Academia.edu was grandfathered in, granting the startup a time-sealed patina of nonprofit credibility

                                                                                                                                                                    https://journals.sagepub.com/doi/10.1177/2056305117696523

                                                                                                                                                              • scubbo 5 days ago
                                                                                                                                                                Do you navigate to this site by IP address?
                                                                                                                                                              • wombatpm 5 days ago
                                                                                                                                                                Didn’t we learn this at the dawn of the internet?

                                                                                                                                                                Why is it slashdot.org and not slashdot.com? Because .org addresses were $10 and .com were $40 at the time

                                                                                                                                                                • mgarfias 5 days ago
                                                                                                                                                                  in my case, the .com was owned by a computer company in tijuana (no joke).
                                                                                                                                                                • chaozznl 5 days ago
                                                                                                                                                                  Why, on a website about being credible, would you not use a free SSL certificate so you can serve the page via HTTPS?
                                                                                                                                                                • If the author of this site happens to be reading this - can you please add the URL in my bio to your list of sketchy .org sites?
                                                                                                                                                                  • gadders 5 days ago
                                                                                                                                                                    I remember when people criticised Slashdot for having a .org address when they were bought by Andover.net.
                                                                                                                                                                    • Mauricebranagh 5 days ago
                                                                                                                                                                      "The common explanation is that only non-profits, Professional associations, and other organizations are able to register a .org domain name."

                                                                                                                                                                      NO .org is not that at all - I used to work for a registry who bid for the .org

                                                                                                                                                                      • closeneough 5 days ago
                                                                                                                                                                        Why should I believe this site?
                                                                                                                                                                        • Tenobrus 5 days ago
                                                                                                                                                                          But on the other hand a .org file would probably rank pretty highly on the [file extension trustworthiness scale](https://xkcd.com/1301/)
                                                                                                                                                                          • Duh. ICANN’t is a disgraceful scam, as is the canned collection of TLDs. The end of a domain name should be ANY STRING, registerable through any registrar… with the e caption of mil, edu, and gov (because they’re still enforced).

                                                                                                                                                                            Let’s say you’re Bob Williams; registering bob.williams should be a routine transaction.

                                                                                                                                                                            • voceboy521 5 days ago
                                                                                                                                                                              this is so dumb. how is this news
                                                                                                                                                                              • RandomWorker 5 days ago
                                                                                                                                                                                Super interesting fact here..

                                                                                                                                                                                >.COM

                                                                                                                                                                                >This domain is intended for commercial entities, that is companies. This domain has grown very large and there is concern about the administrative load and system performance if the current growth pattern is continued.

                                                                                                                                                                                • ROARosen 5 days ago
                                                                                                                                                                                  I find the same abundant misrepresentation about SSL.

                                                                                                                                                                                  SSL is important but a valid SSL certificate doesn't mean a site is safe.

                                                                                                                                                                                  An invalid (or nonexistent) SSL/TLS certificate doesn't mean a site is illegitimate.

                                                                                                                                                                                  A site without a user facing login really doesn't need SSL. And SSL is pointless on said site if it's for instance a Let's Encrypt.

                                                                                                                                                                                  An example of misleading info (highlighted): https://www.cloudflare.com/learning/ssl/what-is-domain-spoof...

                                                                                                                                                                                  • bruce511 5 days ago
                                                                                                                                                                                    There's this common misconception that sans user input a site is fine without https.

                                                                                                                                                                                    Unfortunately this is not the case. Site security serves not only the purpose of protecting user input, but also ensuring that the data you are receiving has not been altered, ammended or replaced.

                                                                                                                                                                                    At the low level it stops an ISP injecting their own ads or tracking, at the high level it prevents the injection of malicious code downstream from the site itself.

                                                                                                                                                                                    Things like link-replacement, javascript injection, altered text, and so on make even read-only style sites untrustworthy over plain http.

                                                                                                                                                                                    • And there is precident of isps injecting/replacing ads on non-https requests.

                                                                                                                                                                                      This is not a theoretical issue which could technically become real, it's actually being done.

                                                                                                                                                                                      • Qwertious 5 days ago
                                                                                                                                                                                      • deepstack 5 days ago
                                                                                                                                                                                        >A site without a user facing login really doesn't need SSL. And SSL is pointless on said site if it's for instance a Let's Encrypt.

                                                                                                                                                                                        Depending on the ISP is trust worthy. In this day and age, none is trust worthy. Any network between server and browser can alter the content if it is NOT ssl encrypted. In US it is very often you see Verizon (not to single them out) modify the http content before they deliver to you. I guess it all comes down to if you want to get the actual content that is unmodified by the network routes between you and the server.

                                                                                                                                                                                        • birdyrooster 5 days ago
                                                                                                                                                                                          "And SSL is pointless on said site if it's for instance a Let's Encrypt."

                                                                                                                                                                                          That isn't pointless SSL. Let's Encrypt isn't going to protect you from nation states, but cyber criminals aren't going to be invested or necessarily sophisticated enough to get Let's Encrypt's CA keys. Also, if you are worried someone will take over your Let's Encrypt automation and generate new certificates, they probably could use the same RCE to get at your private keys or directly sniff traffic from the compromised system.

                                                                                                                                                                                          If you qualified this statement with "if the business is large cap", everyone would agree but then again that's why BigCo uses traditional CAs or roll their own.

                                                                                                                                                                                          • Moodles 5 days ago
                                                                                                                                                                                            > A site without a user facing login really doesn't need SSL. And SSL is pointless on said site if it's for instance a Let's Encrypt.

                                                                                                                                                                                            Depends what you mean by need. SSL/TLS still provides benefits like privacy (from third parties) on what you're viewing on the site, as well as no malicious content being injected. It's not just useful to protect your POST requests of username and password.