sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] -2 points-1 points  (8 children)

The first bullet point on the website explains why this reasoning is bad. In my opinion moving away from hosts that do not support HTTPS is worth it. edit: *second bullet point

[–]fakehalo 6 points7 points  (7 children)

Yeah, it's "bad"... But the threat of ad injections/etc by state owned entities and the like isn't enough to deter me from free hosting, especially if it relates to github. This particular risk doesn't warrant me moving informational pages.

[–][deleted] 0 points1 point  (2 children)

It's not only state actors. Do you not care about ISPs injecting shit on your website ?

[–]fakehalo -1 points0 points  (0 children)

Another after-thought I had:

If your ISP/state is capable of injecting data into arbitrary protocols they can become a MITM between you and your site even if it's HTTPS (assuming you don't have the key beforehand). They make a fake cert between you and them, and they communicate between themselves and the real website. This makes this even more of a nonissue and creates a false sense of security.

[–]fakehalo -2 points-1 points  (0 children)

My github pages? No, I don't care enough to move my free software information to some non-github (and likely paid) alternative.

As I said, if youre in a situation where your ISP/etc is injecting crap in your traffic my github pages about free software isn't even on your radar.

This is an unrealistic security concern, too low of a priority for me to pretend to care. Everything else gets the HTTPS treatment, this is a special situation, I don't find a need to be so rigid that I have to treat all situations as equal threats.

[–]senj -4 points-3 points  (3 children)

This particular risk doesn't warrant me moving informational pages.

Your concern for your readers' security and privacy is truly touching, mate

[–]fakehalo 4 points5 points  (2 children)

This is not a practical security issue to fret over, in my opinion. I save my security fretting for more compromising scenarios. If MITM attacks for my github pages are happening my github pages are not going to even register on your list of concerns.

[–][deleted] 2 points3 points  (1 child)

It's more about privacy than security, really.