Topic: Https

A donation from Michael Mansell introduced the hosts to HTTP error code 418, also known as "I'm a teapot." This code was created as an IETF April Fool's joke in 1998 and is part of the Hyper Text Coffee Pot Control Protocol. The lore stems from early internet experiments involving webcams and remotely operated coffee machines at MIT.

The global push for universal HTTPS encryption is creating unintended consequences for users in regions with low bandwidth, such as parts of Africa. Because HTTPS prevents local caching, schools and organizations using satellite internet cannot save data by storing frequently accessed content locally. This leads to higher costs and slower speeds for those already facing digital divides.

The evolution of browser security, specifically HTTPS and SSL certificates, is being viewed as a potential tool for future internet censorship. Hosts warn that browsers like Chrome may eventually block sites that do not have "certified" news credentials. A recent expiration of the No Agenda Social certificate highlighted how modern browsers make it increasingly difficult for users to bypass security warnings.

Technology users are facing increasing "forced upgrades" from companies like Apple and Skype, often resulting in bugs and reduced functionality. The industry-wide push for HTTPS encryption is criticized as a move by Google to prevent ISPs from injecting their own advertisements into web traffic. These changes often result in slower browsing speeds and intrusive "alert" prompts on websites.

Mark Perkel announces plans to sue Google over its "HTTPS Everywhere" initiative, which labels non-encrypted websites as "not safe" in the Chrome browser. The hosts support the lawsuit, arguing that Google's policy is anti-competitive and coercive, effectively forcing small website owners to pay for SSL certificates to maintain search rankings.

Google has set a deadline for websites to transition to HTTPS, warning that the Chrome browser will soon flag non-secure sites with prominent warnings. The hosts discuss the technical hurdles of updating older websites and Amazon S3 buckets to meet these new security standards. They express frustration with being forced into these changes by Google's dominant market position.

A Mastodon server administrator encountered technical failures after a "Let's Encrypt" SSL certificate expired following its 90-day limit. The issue was compounded by Python version conflicts during the renewal process and the inability of modern browsers to easily bypass invalid certificate warnings.

Adam Curry posits that Google's aggressive push for HTTPS is a branding exercise to counter a potential Facebook browser. He theorizes that Facebook will integrate Bing search with social data to create a "safe" and highly personalized browsing experience. The hosts discuss the strategic importance of the browser to Google's advertising dominance and the potential for Facebook to disrupt the search market.

The financial relationship between the Electronic Frontier Foundation (EFF), the Mozilla Foundation, and Google is scrutinized. Google reportedly pays Mozilla $100 million annually to be the default search engine and is a major donor to the EFF. The "HTTPS Everywhere" extension, a collaboration between the EFF and the Tor Project, is introduced as a tool that forces encrypted connections on websites.

A theory is presented that the push for "HTTPS Everywhere" is a psychological and technical trick to circumvent ad blockers and prevent ISPs from inserting their own advertisements. By forcing encryption, Google and its partners can maintain control over tracking and advertising data. The hosts argue that 90% of websites do not require encryption and that the "big red X" warning for HTTP sites is an anti-competitive move to marginalize non-compliant publishers.

The Mozilla Foundation announces plans to deprecate non-secure HTTP connections in Firefox, mandating HTTPS for all websites. The hosts argue this move, supported by the "Let's Encrypt" initiative, creates a centralized point of control over the web through certificate authorities and will break many legacy devices and small websites.

A discussion on Google's decision to give search ranking preference to websites using HTTPS encryption. The hosts argue this is a "pain in the ass" for small bloggers and a form of corporate lock-in, leading one host to switch to Bing as their default search engine for better results.