Re: No, this is wrong
> not all sites need https.
It's _literally_ free to set up HTTPS nowadays, and performance is no longer a concern (outside of some extreme edge cases).
It's not just about the site you're accessing, it's about the network you're accessing the site via. HTTPS helps provide some in-flight security so that someone in the middle can't inject nasties (US ISPs have been caught injecting advertising).
If you're not serving via HTTPS, its your users/visitors you're putting at risk, not yourself.
Honestly, the battle for "not everything needs HTTPS" has been long-since lost.
> In testing https and http versions of the same site it was impossible to access the http version, even if the https was subsequently broken.
Sounds like a bug, report it
> Chrome development is driven by ideology, not actual usability, security or privacy.
It's driven by commercial interests, but I largely agree as a rule.
Not sure this one falls under that though - in fact, I'd posit that nowadays "not everything needs HTTPS" is an ideology rather than something supported by real-world evidence.
> Privacy? It's practically Google spyware.
It's perfectly possible for something to offer near-absolute privacy against *most* threats whilst leaving you still entirely exposed to one party. If you're married, then your bedroom curtains probably do much the same thing.
If you're using Chrome, then that involves accepting that Google are going to be Google. It doesn't mean they should just say "fuck keeping things private from others" for users that are willing to make that trade-off
> Also it should be up to the rewrite rules on the site and the user input what to do, not some half baked algorithm put in by a programmer at Google's request.
It is - if you don't want HTTPS on your site, Chrome will fall back to HTTP. If you're the user, then enter the url with a scheme (http://foo.bar) rather than just the FQDN (foo.bar).
All that's changed is the default scheme