There is a new trend on social media recently. This is the act of shaming websites into to switching over to HTTPS as the default connection for a site. While I have no problem with the root idea of securing websites I have a real problem with the shaming aspect. This is about as puerile as it gets. Sure, some sites will switch just to shut up the instigators but, when we take stock of the results, does it have any real benefit long term?
To draw a parallel, let's look at the practice of shaming children.
From Psychology Today:
Shaming and humiliation causes fear in children. This fear does not go away when they grow up. It becomes a barrier for a healthy emotional life and is difficult to eradicate. If these same children become parents, the possibility also exists that the fear and negativity can be unwittingly passed through the generations.
So to draw on the analogy this behaviour can be seen to be doing more harm than good. It is really simple, grow up. If you want sites to switch to HTTPS make your case for it with a coherent argument. A far better plan than rolling around in the toy aisle crying because you can’t have the GI Joe action figure with the kung-fu grip. Do these HTTP shamers want to be taken seriously? Well for starters, use SSL on the site that is being leveraged to shame companies into using HTTPS in the first place.
Here is a screen shot to illustrate my point. Thanks to Larry Cashdollar for catching this one.
And just to be sure...
curl -v https://httpshaming.tumblr.com
* Adding handle: conn: 0x7fd9d2022a00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fd9d2022a00) send_pipe: 1, recv_pipe: 0
* About to connect() to httpshaming.tumblr.com port 443 (#0)
* Trying 188.8.131.52...
* Trying 184.108.40.206...
* Failed connect to httpshaming.tumblr.com:443; Connection refused
* Closing connection 0
curl: (7) Failed connect to httpshaming.tumblr.com:443; Connection refused
The irony is overwhelming. How difficult is it to buy a domain?
I'm all for encouraging folks to use SSL but, do it in a coherent fashion.
(Image used under CC from Ranger78)