> It's a lot easier to maintain web servers if they are only using the http protocol and not https. Does that mean I should not enable https?
I think that's a totally different issue and I think it's harmful to this discussion to bring such an issue in.
The case of http vs https is not one of user security vs user convenience; it's user security vs sysadmin convenience.
There's a different tradeoff with giving user's more security which is less convenient for you to maintain, and you typically should do this (this is stuff like https, supporting 2fa, etc).
The better comparison is sharing data with third parties to provide users conveniences. This is a comparison between user's data security and user's convenience. That's the tradeoff being discussed.
Bringing in unrelated things like http vs https will only serve to muddy the waters and damage your point.
I think that's a totally different issue and I think it's harmful to this discussion to bring such an issue in.
The case of http vs https is not one of user security vs user convenience; it's user security vs sysadmin convenience.
There's a different tradeoff with giving user's more security which is less convenient for you to maintain, and you typically should do this (this is stuff like https, supporting 2fa, etc).
The better comparison is sharing data with third parties to provide users conveniences. This is a comparison between user's data security and user's convenience. That's the tradeoff being discussed.
Bringing in unrelated things like http vs https will only serve to muddy the waters and damage your point.