view the rest of the comments
Unpopular Opinion [Locked]
Welcome to the Unpopular Opinion community!
How voting works:
Vote the opposite of the norm.
If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.
Guidelines:
Tag your post, if possible (not required)
- If your post is a "General" unpopular opinion, start the subject with [GENERAL].
- If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].
Rules:
1. NO POLITICS
Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.
2. Be civil.
Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Shitposts and memes are allowed but...
Only until they prove to be a problem. They can and will be removed at moderator discretion.
5. No trolling.
This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.
Instance-wide rules always apply. https://legal.lemmy.world/tos/
There are literally none with basic html.
It's when you started adding shit like Shockwave, javascript and the like, all massive security holes, things got dicey.
Plain old HTML, none what so ever.
But over plain HTTP without encryption (not HTTPS) was definitely not secure.
That's a separate and unrelated issue of connection encryption, nothing to do with the contents of a site. You can totally have a basic HTML page served over HTTPS
So it’s possible to bring up related issues in a thread (HTML) within the context of a post (old timey Internet). I’m bringing up HTTP because while running around saying HTML on its own is secure is true, what’s not true was that loading HTML over HTTP was secure.
It is more secure than anything now is if used over HTTP.
Oldschool HTML isn't active, it doesn't do anything client side.
So the only insecure thing about it is that someone external can see what you were looking at.
Someone external can see what you look at, and they can show you a fake version of the site.
It can also be modified while in transit which runs the risk of the HTML data being incorrect/misleading. An attacker could also simply deny requests.
I don’t know why this comment thread keeps reiterating that we’re talking about HTML; y’all are like a broken record that can’t seem to get past this very simple aspect of the conversation. I haven’t brought up JavaScript, CSS, images, or any of that at all. I’ve only brought up the transport, HTTP.
If we really wanted to get into it we could go on about how unencrypted DNS also makes it insecure because now I can track every website you go to, redirect you somewhere else or block legitimate hosts (yes, on “HTML-only websites” too 🥴).
My point is that claiming HTML-only websites are secure even over plaintext HTTP is misleading. It would still leak all your online browsing to anyone in the middle and open up avenues for them to meddle with the stream while in transit.
So is ASP, PHP, javascript and everything else.
And has nothing to do with HTML.
HTML is not HTTP.
So it’s possible to bring up related issues in a thread (HTML) within the context of a post (old timey Internet). I’m bringing up HTTP because while running around saying HTML on its own is secure is true, what’s not true was that loading HTML over HTTP was secure.