title: Re: Re: HTTPS considered harmful
lang: en

> I don’t argue HTTPS is overkill for many uses, especially for websites that provide read-only, low-importance information, and I do agree with your underlying expectations of simplicity and performance. My replies are only there because you used several technical arguments that I consider slightly exaggerated. You mention “not in my case”, then it would be worth describing that case more precisely in the article (though I think I see the kind of small, server-rendered, simple website you’re talking about and that I also tend to ship).
> 
> <cite>*[“HTTPS considered harmful”, yes, but isn’t HTTP too?](https://medium.com/@MattiSG/https-considered-harmful-yes-but-isnt-http-too-1ee1f4a36358)* ([cache](/david/cache/5c4908deaee4ee1b6ddc32ffdca5c429/))</cite>

My case is the only place where I publish: [here](/david/). A place where I could [hardly experiment anymore](https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/) ([cache](/david/cache/e41a3e7efc9c3285a60057987e86f9cd/)) without a certificate anyway. Let’s [plaid for a new norm](https://scotthelme.co.uk/we-need-more-phishing-sites-on-https/) ([cache](/david/cache/e2487822f8b4a22faeb5995679e1bc06/)) at all costs, and then create a new one atop of it because users couldn’t trust it (us?) anymore.

For the sake of (false) security, all extra complexity is granted. *GG.*