Why I Don't Use HTTPS

Why I Don't Use https
by pragerfan

September 9, 2022

Recently, I have gotten some questions as to why pragerfan.com does not use https for web security. People have observed that their browsers warn that pragerfan.com is not a secure site, might be breached, etc. So I wanted to address this issue.

There are several reasons I don't use https.

(1) Data security is about protecting what you value. There is no content on this page worth protecting. All of the content is either my own work which I freely give away (all I ask for is proper attribution and a link to my website from yours), or the work of others that has appeared publicly from time to time on the internet which I have re-blogged here. If the site is breached the uncompromised content written by others is available elsewhere. Also I keep a backup copy on my PC at all times. If the site is compromised, I'll simply ask my website provider to wipe out the website and I will restore it. I can have the entire website back up and running in a couple of hours.

(2) The website is really a personal hobby and functions as an online journal. I am not a public figure. I don't make any money off of the website, I don't run ads for anyone, and no one depends on my website for his livelihood (if anyone does I strongly suggest he move elsewhere!). Again, if it is breached, I simply ask my provider to format the disk and I restore the website and move on — no harm, no foul.

(3) The site is a read-only website. It doesn't accept or process user or browser input. The site contains no ads, no cookies, no malware, no spyware, no anything, except html code and a bit of javascript used to rotate quotes when pages are loaded and to display the current year. There isn't anything in the code of the website that captures user information or personal information of any kind. You can validate that yourself by looking at the pages' source code.

(4) Like thousands of other websites, my website contains opinions that others may disagree with or perceive as controversial. If you want anonymity while reading articles on my website, please use VPN or tor.1 Anonymity is provided by these tools, and doesn't necessitate that this website use https.

(5) https is costly. It would cost me over $300 a year to host the website with https, whereas now I pay $120 a year. Given the points I make above, the cost-benefit analysis comes up short.

Perhaps there are other reasons I should be using https. I remain open to the idea, but at present there isn't a really pressing need for me to do so. While no security is perfect, pragerfan.com is reasonably secure and has been up and running since 2015. So, just configure your browser to make an exception for pragerfan.com, and you should be able to view the website without those annoying browser warnings.


1 https://www.torproject.org/