Why doesn't pg use HTTPS on his site?

Going to http://www.paulgraham.com doesn't redirect to https

And https://www.paulgraham.com tries to use a certificate for *.store.yahoo.com

7 points | by slygent 1085 days ago

7 comments

  • prepend 1085 days ago
    I don’t think there’s a reason to as it’s just content published from him for free. Doesn’t collect data. Doesn’t hold anything sensitive.

    Maybe somebody gets between a reader and his site and injects ads or something.

    Or maybe ISPs or local networks can watch what readers read.

    I don’t think either is that big of a deal and wouldn’t bother if I had sites.

    [-]
    • nkristoffersen 1085 days ago
      I’ve seen several ISPs inject things as well. No excuse for http anymore. No rewards, only risks and punishments.
      [-]
      • runjake 1084 days ago
        > No excuse

        You're not paying him anything to read his website. He does not owe you a single thing.

      • prepend 1084 days ago
        If you’re concerned with that then use a vpn.

        I’ve used dozens of ISPs and never had this problem. Guess I’m lucky.

        I don’t care if people inject stuff into my http content. If it becomes a significant problem, I’ll think about it.

        Simplicity is a reward. A big reward.

  • codegeek 1085 days ago
    Because he doesn't care ? I mean yes SSL is easy these days but he knows he doesn't have to do it and people would still read this blog.
    [-]
    • kypro 1085 days ago
      He probably just has better things to do and who cares (aside from Google)?

      I have a number of old sites (including my blog until recently) which haven't been switched over to https yet. It's not that I can't do it or that there's any real reason not to use https on those sites, I just have other things going on. PG set up his site years ago when https wasn't a default on the web, that's probably the real answer.

  • gabrielsroka 1085 days ago
    https://news.ycombinator.com/item?id=25214264

    https://news.ycombinator.com/item?id=24676257

  • avinassh 1085 days ago
    That reminds me, what other popular sites which are HTTP only (and no HTTPS)?
    [-]
    • weedfroglozenge 1085 days ago
      Australian Government weather website, www.bom.gov.au
  • tacostakohashi 1085 days ago
    Perhaps he has better things to do with his time that mess around with SSL certificates.
    [-]
    • verdverm 1085 days ago
      He certainly could afford to pay someone
      [-]
      • sthnblllII 1085 days ago
        Im more impressed that he does it himself.
  • quickthrower2 1085 days ago
    If you want to here someone else’s argument for why they don’t need https, see

        http://n-gate.com/software/2017/07/12/0/
    Paste the link in a new window as the site is not idempotent with respect to referral headers. Or in layman’s terms he blocks links from HN!
  • xkeysc0re 1085 days ago
    He still uses an iMac G3