Lots of incoming challenges on Twitter from people who think all my sites should be converted from HTTP to HTTPS.
They make three main points:
- Google is going to warn people about my site being "not secure."
- Something bad could happen to my pages in transit from a HTTP server to the user's web browser.
- It's not hard to convert and it doesn't cost a lot.
I think that covers it. I list them here to prove I've been listening and understand what they say, so hopefully someone doesn't try to explain it to me yet again.
The second reason, something bad could happen -- well lots of bad things could happen. I can't afford to protect against all of them. I wonder if they ever think about the human being who is supposed to do the work? We have lives, and priorities, we must make choices about how we spend time. Maybe our websites aren't our number one priority? Even if they were, I would much rather develop new stuff than invest in protecting archives of blogs and old docs against hypothetical problems.
Nothing is going to happen to the pages themselves, btw -- they're worried about how people view the docs through their browser. If the web becomes so polluted with man-in-the-middle attacks, I can think of quicker workarounds. For example, I could send the reader a zipped archive of a website. That would be an easy place to add encryption. No need to transition all my sites. And if the problems never materialize, a possibility even Google must admit, we could make a new kind of web browser, that's another option. One which unlike Google's, will let you browse the full web, not just Google's limited idea of what the web is. I think this represents a good opportunity to get Google out of the way. If we get there it will be worth a try.
Re the third point, it's quick and easy -- it wouldn't be for me. I experimented for a few years with the idea that a domain could be the address of a document, or a shortened link. I have hundreds of such domains.
One more thing before I get to the point. Some of the people Google thinks are going to convert to HTTP have moved on. There's no one there to do the thing Google wants them to do. What then?
Why we must say no to Google
The first reason, above, is the most important one, by far. And the lack of thought and care on the part of Google illustrates exactly why it's so incredibly important.
The numbers they present are misleading, they talk about web traffic, not web sites. If you add up Amazon, Netflix, Wikipedia, Google, Wordpress, Facebook and a dozen more sites, I bet that's 99 percent of the traffic of the web. But that does not represent the size of the problem. Some sites get almost no traffic, yet the information they contain could be valuable to someone in the future. Does Google cite the wrong stat because they don't know how much of the web's content is served through HTTP? Or, more likely, they know and therefore understand how what they're trying to do, if they don't plan to leave anything behind, amounts to boiling the ocean. I don't see an alternative explanation.
Before the web, I spent a decade working on three corporate-owned platforms, the Apple II, IBM PC and Macintosh. I would say all companies tried reasonably hard to bring developers forward, most of the time, and for the most part I was able to make the transition. But, in all cases, I had a company behind me. Today I'm just one person. And in no case had I spent more than three years doing the work that required transitioning, so the job was relatively small by today's standards. Even so, given the short time, and the generally good intentions of the vendors, by the time we got to the Mac, they were already using breakage as a weapon against developers they didn't like, or who were occupying market segments they wanted to own.
Before the web, I couldn't see a way to be an independent developer, as long as there was a platform vendor who ultimately would decide whether or not I would be allowed to continue. But the web changed all that. And it's why I can point to an archive site for a tool I created in 1994 that still works. That's 24 years of compatibility. That's some kind of record in the tech world.
BTW, it's not my accomplishment, all I had to do was assure that the files stayed where they were. The accomplishment is the social agreement not to break things that we call the World Wide Web. It's like the Grand Canyon. It's a big natural thing, a resource, an inspiration, and like the canyon it deserves our protection.
So now Google points a gun at the web and says "Do as we say or we'll tell users your site is not secure." What they're saying doesn't stand up to a basic bullshit-test. There's nothing insecure about my site. Okay I suppose it's possible you could get hurt using it, I'll grant you that. But I could get hurt getting up out of my chair and going into the kitchen to refill my coffee cup. Life is insecure. When Google says my old site is insecure what they really mean is "This is our platform now, and you do as we say or your site won't work." I don't believe for a minute that Google's motivation is protecting users. They seem to believe they can confuse users (they can) and that means they can do anything to the web they like. I suppose they can do that too. But it doesn't mean the web will cooperate. Imho, it won't.
There was an old joke in the days of MS-DOS. A new version doesn't ship until Lotus 1-2-3 doesn't run. Probably wasn't true, but it did illustrate the extraordinary power Microsoft had over its then-chief competitor. This is the power Google thinks it has now over the web.
I'm not going back to corporate platforms. And I have to admit, I like this kind of fight. All my career I've had my sandcastles knocked over by small people at big companies who envy me for my freedom. The web got them out of the way. And I'm determined to keep it that way, or I'll just let them knock my sites off the air.
I saw Darkest Hour the other day. If you've seen it, you understand what I'm talking about. Even if I could convert the hundreds of domains I have on platforms that don't easily support HTTPS, even if it were just a matter of time, cost, volume of work, even if it were easy and quick as they say, I still wouldn't do it. I love the web. It gave me another 24 years as an independent software developer. What a gift. I'm not going to abandon it now. If this is where my 24-year run ends, so be it. There's no negotiating about this. Some things are absolute.