Klint Finley over at Wired has an article that discusses the pros and cons of encrypting the Internet. By that he means using SSL/TLS instead of plain HTTP for every connection. It’s not a new idea. For example, the EFF has its HTTPS Everywhere program that includes a plugin for many browsers that always tries to establish an HTTPS connection even if the site defaults to HTTP.
I really like this idea, at least in principle. It makes man-in-the-middle attacks difficult if not impossible and goes a long way towards keeping the NSA’s nose out of our business. On the other hand, does it really make sense for, say, me to force HTTPS connections to Irreal? There’s certainly no first order reason to do so. There’s no sensitive data being transferred and Irreal is hardly subversive enough that anyone would worry about having the government or anyone else see what they’re reading on the site.
Of course there’s the benefit that it makes the Internet a sea of unintelligible bits and thus makes government snooping really difficult. Perhaps that’s reason enough. What do you think? Should all sites—even the innocuous like Irreal—use SSL/TLS or is the benefit not worth the cost?