alt Hacker NewsI think it was Snowden who made TLS the default. Let's Encrypt did great work, but basically having the NSA's spying made common knowledge (including revealing some things that were worse than we expected, like stealing the traffic between Google's data centers) created a consensus that unencrypted HTTP had to go, despite the objections of people like Roy Fielding.
Replies
Ironically, the inability to cache TLS on the edge of my network makes the Internet more surveillable since everything has to pass through the Room 641As of the world and subjects us all to more network behavior analysis. The TLS-everything world leaks so much more metadata. It's more secure but less private.
The article claims http was kept around. My experience was, that once you setup https you just redirected http, like today.
Snowden may have been a coincidence, too. We knew encryption was better, it was just too much of a hassle for most sites.
> I think it was Snowden who made TLS the default.
Snowden's revelations were a convincing argument, but I would place more weight on Google in its "we are become Evil" phase (realistically, ever since they attained escape velocity to megacorphood and search monopoly status), who strove to amass all that juicy user data and not let the ISPs or whoever else have a peek, retaining exclusivity. A competition-thwarting move with nice side benefits, that is. That's not to say that ISPs would've known to use that data effectively, but somebody might, and why not eliminate a potential threat systemically if possible?