HTTPS Security Debate

The cluster centers on debates about the necessity and limitations of HTTPS for web security, especially in preventing man-in-the-middle attacks, ensuring page integrity, and criticisms of sites served over plain HTTP.

📉 Falling 0.4x Security

4,943

Comments

Years Active

Top Authors

#2455

Topic ID

Activity Over Time

2007

2008

2009

2010

226

2011

236

2012

238

2013

413

2014

414

2015

416

2016

444

2017

455

2018

371

2019

302

2020

316

2021

204

2022

252

2023

223

2024

137

2025

161

2026

Top Contributors

tptacek (75) icebraining (20) peterwwillis (18) mike-cardwell (16) geofft (16)

Keywords

equifax.ca EDIT HTTPS THEIR HTTP FS i.e boingboing.net warni.html YouTube https ssl http secure security site malicious user server tls

Sample Comments

dreamsofdragons • Jun 30, 2016 • View on HN

None, obviously. If you don't have https, you don't even have the illusion of security.

jiggawatts • Jun 1, 2022 • View on HN

Why would that matter if they have HTTPS?

Swennemans • Jun 30, 2016 • View on HN

Wow no HTTPS, makes you wonder what security measures they did take.

tlrobinson • Aug 29, 2013 • View on HN

Yes, however isn't this sort of what HTTPS is supposed to accomplish?

shif • Apr 22, 2017 • View on HN

HTTPS isn't bulletproof either, the argument could still be made with TLS

Aaron1011 • Sep 7, 2016 • View on HN

Why? Without HTTPS, anyone between a user and your server can modify your page, without you noticing.

jsheard • May 4, 2025 • View on HN

Because the point of HTTPS is to prevent man in the middle attacks. It isn't supposed to do everything.

teknopurge • Nov 29, 2020 • View on HN

https does not 100% prevent any of those things.

ksrm • Dec 20, 2013 • View on HN

Won't simply always using HTTPS protect you from this?

bduerst • Sep 29, 2015 • View on HN

Wouldn't HTTPs prevent that?