I'd hazard a guess that more people have had their password 'stolen' typing it into a phishing site with a padlock (https) than have lost it on a legitimate site without https. People were trained to trust https/tls markers as legitimate. That's not the case anymore. Https now just means encrypted, not necessarily trusted. It'll take years to retrain the public.

@bkool For that reason, https worked better back when certificates cost money. Now they are free.

On the other hand, all the small website owners can encrypt their website connection when beforehand they couldn't afford to do so. I don't know, I'd rather take what we have now than what we did before.

@digitalbaboon I agree that the current state is better than before. The https cert thing was a racket! But I wish we'd never gone that route to start.

@bkool I agree. I think solving the problem of identifying legitimate websites on the web with a "this website is secure" badge is like looking at someone dressed as a police officer, in a strip club, and thinking that person is a police officer.

