Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For a static site HTTPS is wholly unnecessary.


Correction: for a static site HTTPS is less useful.

It's not like having a <form> magically attracts the hacker known as 4chan.

For each case you would have to consider what can happen with and without HTTPS. Cat pictures: probably fine either way; the worst someone will do is inject bitcoin-mining javascript; or they may inject phishing, or porn and ruin your site's reputation. Actually this can even be useful sometimes as some ISPs may inject "we are having an outage" or "please remember to pay your bill".

Hacker News is a dynamic site with about the same characteristics.

Now imagine you are Wikileaks. Static, yes. Encryption required? You tell me. Worse: The onion address and bitcoin donation link were replaced with ones pointing to the NSA. Worse: The NSA can see who's accessing what, instead of just who's accessing.

Actually, an attacker can use your cat picture preferences to build up a profile of you, and perhaps identify you on different networks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: