Thu Nov 13 20:13:26 UTC 2014

To respect a user's decision, their decision needs to be an *informed* one, and it needs to be a *choice*. I don't think there's a reasonable basis to say either of those are the case with users using HTTP in favor of HTTPS:

First, is it a choice: given that browsers default to HTTP, when no protocol is explicitly selected, and that many users will access the site via external links that they don't control, I don't think it's fair to say that users *choose* HTTP, they simply *get* HTTP.

Second, if we did say they'd made a choice, was it an informed one? We, as an industry, have done a very poor job of educating users about the security implications of actions online. I don't believe most non-technical users have an understanding of what the implications of the loss of the **Authentication**, **Integrity**, or **Confidentiality** that comes with preferring HTTP to HTTPS are.

Given the fact that most users don't proactively consent to having their content spied upon or mutated in transit, and insofar as they do, it is not informed consent, I don't believe website authors have any obligation to provide access to content over dangerous protocols like HTTP.

