Comment

It’s my understanding that https provides encryption for the data sent between you and the server. If you’re not sending any sensitive data, then the encryption shouldn’t be necessary.

As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.

In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.

I also believe it’s possible to set up HTTPS encryption without a domain name, but it might result in that “we can’t verify the authenticity of this website” warning in web browsers due to using a self-signed certificate.

You can: letsencrypt.org/…/issuing-our-first-ip-address-ce…

source

Sort:hotnew top

N0x0n@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago

In addition to that, without a secure connection you’re stuck with HTTP/1.1

That’s not entirely true. A lot of requests, even with https, are send over HTTP/1.1. And this is kinda mind blowing that in 2025 we still rely on something so old and insecure…

Same goes with SMS and the old SS7 protocol from 1970… 2FA SMS is probably the most insecure way to get access to your bank account or what ever service promotes 2FA sms login.

source
- falynns@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  I can’t believe SMS is still used for anything but sure OTP sent in text makes sure my account is secure Mr Bank.
  
  source
- SMillerNL@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Does that contradict what I said? Sure, HTTP 1 is still widely used, but without TLS you can’t use anything else.
  
  For SMS we don’t have a choice, but if you configure your own web server you do have a choice.
  
  source