
"Every home network needs a MITM proxy too."

I have been running one for a long time now. I depend on it so much that I cannot imagine using the internet without it. It is much smaller and easier to compile than a graphical browser.

Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owner's sensitive data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to mention the issue of "Certificate Authorities".

IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser,^1 but in practice it provides the most value to so-called tech "companies" that are using it to control _someone else's_ browser to allow unauthorised and/or concealed data collection and surveillance.

1. https://raw.githubusercontent.com/bambax/hntitles/refs/heads...



> Others will have different opinions but I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies ...

I think TLS can be helpful (for both sides of a communication), but the browser should not require it, and most servers also should not require it (but should allow it, if you deliberately choose to connect with TLS). HSTS is especially bad (I managed to disable it on my computer by using a hex editor so that the browser would no longer recognize the Strict-Transport-Security header).

Certificates can be helpful if you actually know which ones you specifically trust for a specific purpose (rather than being automatic), and if they will tell you information about a business (although as far as I know, Let's Encrypt does not do this and only verifies the domain name). However, sometimes if a certificate is changed or superseded, due to expiry, or change in ownership, etc, and it does not prevent the server operator from sending you malware; it only prevents spies from doing so. If a domain name is sold to someone else, that does not prevent cookies and other stuff from being sent, or from them adding malware, etc; however, it would be possible for end users to know the certificate to trust and avoid this problem (if a browser can be programmed to do this).

Client certificates could be helpful for authentication too, but this is rare with HTTPS (but it is commonly used with Gemini protocol). But, it does prevent someone who takes over the domain name from being able to use your information to log in, since a private key is required in order to use a client certificate.

Furthermore, the browser really should allow unencrypted proxies for encrypted connections, in order that if you deliberately want MITM then you do not need to encrypt and decrypt the data multiple times.

> IMO, this is analogous to the situation with Javascript. It has the potential to provide value to www users, e.g., as a language computer owners can use to extend and control a graphical browser ...

Yes, as well as other programming languages (if a browser supports it, which most don't).

(I disable JavaScripts on my computer, except for the scripts that I wrote by myself. I did write scripts to replace GitHub's UI (in far fewer lines of code than GitHub uses themselves), and other things.)


> I personally remain skeptical that TLS provides internet users with more value than it provides so-called "tech" companies that profit from data collection, surveillance and online advertising services, and the CDNs that collaborate with them. While it can be used to protect a computer owners' data from eavesdroppers as it transits across the open internet, e.g., during "e-commerce", in practice TLS is used to conceal data exfiltration from the computer owner for commercial purposes by so-called "tech" companies. Not to mention the issue of "Certificate Authorities".

I agree completely.

Google pushed HTTPS because it ensures that they are the only ones who can spy on users.


(Note to self: Initially points++.)



