view the rest of the comments
Unpopular Opinion [Locked]
Welcome to the Unpopular Opinion community!
How voting works:
Vote the opposite of the norm.
If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.
Guidelines:
Tag your post, if possible (not required)
- If your post is a "General" unpopular opinion, start the subject with [GENERAL].
- If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].
Rules:
1. NO POLITICS
Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.
2. Be civil.
Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Shitposts and memes are allowed but...
Only until they prove to be a problem. They can and will be removed at moderator discretion.
5. No trolling.
This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.
Instance-wide rules always apply. https://legal.lemmy.world/tos/
It is more secure than anything now is if used over HTTP.
Oldschool HTML isn't active, it doesn't do anything client side.
So the only insecure thing about it is that someone external can see what you were looking at.
Someone external can see what you look at, and they can show you a fake version of the site.
It can also be modified while in transit which runs the risk of the HTML data being incorrect/misleading. An attacker could also simply deny requests.
I don’t know why this comment thread keeps reiterating that we’re talking about HTML; y’all are like a broken record that can’t seem to get past this very simple aspect of the conversation. I haven’t brought up JavaScript, CSS, images, or any of that at all. I’ve only brought up the transport, HTTP.
If we really wanted to get into it we could go on about how unencrypted DNS also makes it insecure because now I can track every website you go to, redirect you somewhere else or block legitimate hosts (yes, on “HTML-only websites” too 🥴).
My point is that claiming HTML-only websites are secure even over plaintext HTTP is misleading. It would still leak all your online browsing to anyone in the middle and open up avenues for them to meddle with the stream while in transit.