Re: the blocking of downloads over unencrypted connections
Do you really want me to be able to collect a list of which pages on which specific websites you've visited, including a copy of all their content? I could find out a lot about you with that.
I generally agree. Encrypt all the things. If we were developing a new system today it would encrypt by design. There's just one exception. Software Mirrors.
Encrypting those makes opportunistic/transparent caching impossible. Sure, you can do it with a trusted proxy on a managed network where clients have certificates installed, but it nukes caching by ISPs or for unmanaged devices. It would kill LANCache and similar software.
There is no reason whatsoever why software (especially enormous game downloads) needs to be encrypted when you can compare signatures to verify integrity. It's why all the major marketplaces encrypt everything except the software downloads. They know networks need to cache them.
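An added example, not part of the original post, of the integrity check the comment relies on: chunks come through an untrusted cache over plain HTTP and are accepted only if they match a manifest. It assumes the manifest itself arrives over an authenticated channel (HTTPS or a signed file), and SHA-256 digests stand in for signature verification here; the names `build_manifest`, `assemble_verified` and the cache functions are hypothetical.

```python
import hashlib
import hmac

CHUNK_SIZE = 4  # tiny for the demo; real content chunks are far larger


def build_manifest(payload: bytes) -> dict:
    """Publisher side: total length plus a SHA-256 digest per chunk."""
    chunks = [payload[i:i + CHUNK_SIZE] for i in range(0, len(payload), CHUNK_SIZE)]
    return {"length": len(payload),
            "chunks": [hashlib.sha256(c).hexdigest() for c in chunks]}


def assemble_verified(manifest: dict, fetch_chunk) -> bytes:
    """Client side: fetch each chunk via the untrusted path and check it
    against the trusted manifest before accepting any of its bytes."""
    out = bytearray()
    for index, expected in enumerate(manifest["chunks"]):
        data = fetch_chunk(index)
        if len(data) > CHUNK_SIZE:
            raise ValueError(f"chunk {index}: oversized response")
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise ValueError(f"chunk {index}: digest mismatch")
        out += data
    # Guards against a manifest whose length field disagrees with its chunks.
    if len(out) != manifest["length"]:
        raise ValueError("assembled length does not match manifest")
    return bytes(out)


# Constructed sample data: a fake build and two fake cache behaviours.
PAYLOAD = b"game-build-1.0 payload bytes"
MANIFEST = build_manifest(PAYLOAD)


def honest_cache(i: int) -> bytes:
    return PAYLOAD[i * CHUNK_SIZE:(i + 1) * CHUNK_SIZE]


def tampering_cache(i: int) -> bytes:
    """A cache (or on-path party) that swaps the contents of chunk 2."""
    return b"EVIL" if i == 2 else honest_cache(i)


def is_rejected(fetch_chunk) -> bool:
    try:
        assemble_verified(MANIFEST, fetch_chunk)
        return False
    except ValueError:
        return True
```

The check protects integrity only: anyone on the path can still see which file is being fetched, which is the trade-off the post accepts for cacheability.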