Your solidarity is not so solid
I have some long e-mails to write to the owners of various online publications I write for about implementing SSL by default
Well, now, there's one problem. I don't want TLS everywhere on the web. My security model is not your security model, so why should I support your effort to impose your security model on me?
When I read the Reg, I don't need or want the extra overhead of TLS. For that matter, when I post comments, I don't need or want it. I don't care if someone goes through the (not trivial) effort of impersonating me here.
The HTTPS Everywhere fanaticism is only one small corner of IT security, true, but it's symptomatic of the whole. Every armchair security expert has some axe to grind. I don't believe I want an Occupy Computers movement agitating for a lot of ill-considered, poorly-understood security "fixes".
Biting the hand that feeds IT
