... because some people need it.
The reason for this is, according to statements by various admins, that they, out of fear of the state, want to encrypt all web traffic (which HTTPS does). As long as they only did this with their own web traffic and offered it to others for optional use, this was no problem.
This is no longer so. They are now forcing others to use HTTPS. This however causes massive problems, as cryptography is difficult to implement and in particular decays fast. This throws people with alternative or old software (or computers which use such) out of the web, no matter for what reasons they use such:
The aim here is thus to save HTTP from extermination, simply because many people still want to keep it or even need it. Without usable HTTP, some 15 to 50 million affected users are otherwise getting thrown out of over 90% of the web!
Attempts to bring the web admins who dictate enforced-HTTPS to their senses have failed over a period of 2 years (2017 to 2019). More than 90% of those addressed have completely refused to take notice of any arguments, mainly with the statement that the "great danger" justifies such measures. Complaints that the danger is neither large nor the measures justified are rejected. The same happened to complaints that "protection" which damages more than it protects is not protection. Thus this Plan A has failed.
Because of the above situation this awareness campaign is now being run. It is directed at the general public. It should inform people about the acts which are being perpetrated hidden from general view. The aim is to create enough pressure with this Plan B to correct the problem:
The aim of the campaign is to unite all interested parties into an alliance of the open, aimed against the web admins who want to completely close everything, from fear of supposed "danger", no matter what it costs uninvolved users in loss of the web. This loss shall be reduced from, in the meantime, over 90% to at least below 10%.
This text has been deliberately written as a basic text covering all aspects, so as to be usable as a "buffet". It can thus be linked to from other texts, so that others taking part can extract and extend whichever aspects are important for them. They can also write shorter articles, without their readers losing access to material they have left out. Because of this the text is about 40 pages A4 in size.
It has though a small weakness, in that everything is transmitted openly. This can be problematic in some borderline cases, such as with credit card numbers or accounts with passwords. To solve this HTTPS was developed. That though is complicated, because it uses demanding specialized cryptographic mathematics. It is thus difficult to implement. Usually, for lack of understanding, it can not be implemented at all by most programmers. Some older and also smaller new browsers and systems thus can not offer HTTPS.
Far worse, because it is based on cryptography to hide data, it decays fast and repeatedly, even where it is present. This is because the cryptographic algorithms used keep on getting broken by cryptanalysts. Against this problem new routines get developed by cryptographers, followed by these again getting broken, again requiring new ones. All this is part of the war of cryptographic hiding and revealing.
The objective of that effort is to retire broken algorithms from one's own usage before the adversary breaks them, and also to break the adversary's ones before they notice and thus retire them. All this with massive financing behind it, to convert the latter into the former, powered by the entire military command structures and the spying agencies of all countries! There is thus a continuous arms race in the cryptographic war, which makes repeated replacement necessary, which practically guarantees that this situation will continue to remain unchanged.
(Note: Background for those who ask why the algorithms keep on breaking: The fundamental mathematics behind the public key (PK) cryptography used on the web is based on creating multiple long random numbers. From these, two numbers are derived with formulas F1 and F2, called the public and the private key. For using these the following applies: Data + formula F3 + public key = Secured, so that Secured + formula F4 + private key gives the Data back. For this a set of four formulas must be created such that the private key can not be reconstructed from the public one, and also not the random numbers, which by using formula F2 would lead to it. Strictly speaking this is impossible, because every formula has a reverse, so F1 also has a reverse-F1! But there exists maths where no reverse-F1 method is known which could be computed with present day available processor power. Cryptanalysts search for new mathematical methods to achieve such reversing using present day processor power. On the other hand cryptographers also search for new formula sets for which no known reverse-F1 exists. There exist therefore only two types of PK crypto: already broken and not yet broken.)
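The formula set from the note above, worked through as an added Python example (not part of the original text). Textbook RSA is used as one concrete instance, since the note names no algorithm; the primes, exponent and message are constructed toy values, and the function names simply mirror F1 to F4 and reverse-F1.

```python
# Added illustration (not from the original page): textbook RSA with toy-sized
# numbers as one concrete instance of the note's formula set F1..F4.
from math import gcd

# Constructed sample values: two tiny primes standing in for the "long random
# numbers". Real keys use primes hundreds of digits long.
P, Q = 10007, 10009
E = 65537  # commonly used public exponent


def f1_public_key(p, q, e=E):
    """F1: derive the public key (n, e) from the secret primes."""
    return p * q, e


def f2_private_key(p, q, e=E):
    """F2: derive the private exponent d from the same secret primes."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def f3_secure(data, public_key):
    """F3: Data + public key -> Secured."""
    n, e = public_key
    if not 0 <= data < n:
        raise ValueError("data must be smaller than n")
    return pow(data, e, n)


def f4_recover(secured, d, n):
    """F4: Secured + private key -> Data."""
    return pow(secured, d, n)


def reverse_f1(public_key):
    """Reverse-F1 by brute force: find p and q from n by trial division.

    The work grows with sqrt(n): instant for this toy key, infeasible for
    real key sizes unless a faster mathematical method is found.
    """
    n, _ = public_key
    if n % 2 == 0:
        return 2, n // 2
    candidate = 3
    while candidate * candidate <= n:
        if n % candidate == 0:
            return candidate, n // candidate
        candidate += 2
    raise ValueError("n has no non-trivial factor")


def demo():
    public = f1_public_key(P, Q)
    d = f2_private_key(P, Q)
    secured = f3_secure(42424242, public)
    # Knowing only the public key: reverse F1, then apply F2 to the result.
    p2, q2 = reverse_f1(public)
    d2 = f2_private_key(p2, q2)
    return {
        "roundtrip": f4_recover(secured, d, public[0]),
        "recovered_primes": (p2, q2),
        "recovered_matches": d2 == d,
        "read_without_private_key": f4_recover(secured, d2, public[0]),
    }


if __name__ == "__main__":
    print(demo())
```

With these toy primes the reversal finishes in a few thousand loop steps; the difference between "not yet broken" and "already broken" is only how expensive `reverse_f1` is for the key sizes in use.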
HTTPS as a protocol may now be some 20 years old, and has been widespread for about 10 to 15 years. But the cryptographic algorithms used apparently have a life cycle of only about 5 to 10 years! This becomes visible in that phones and tablets from 2012 and computer browsers from 2011 began to fail in 2018, after only 6 or 7 years. On some web sites they already bring a "no common algorithm" error message, which means that all algorithms implemented then have by now been disabled on these sites. It can be assumed that this is because of these being broken, or at least regarded as too weak. With a computer browser from 2003 this was the case in 2015, after 12 years, on practically 100% of all web sites.
Even where HTTPS is available, it thus needs continuous software updates to stay usable: after 5 years at the latest (if one wants to be able to use all HTTPS web sites) or 10 years (if one wants to be able to use more than a small fraction of them). With modern mass market browsers this is no problem. But many developers of small browsers or systems can not keep up with this. Older browsers or systems which are not maintained any more have no chance at all. Only a few large new ones can do this.
Using HTTPS thus requires giving up existing computers and software and reduces the choice of new ones. But especially software allows massive choice, because it can be written and copied by many. It is free of limitations from mass production and its financing. Only a single development needs to take place, after that the rest is only copying. The entire Open Source software (such as Linux) originated from this.
Such choice is already endangered by featurism, because this increases the work to produce software and thus reduces the choice offered. But this problem only applies to specific sites, which use new features so badly, that they fail to support older simpler browsers. Such failure is also graduated, from not optimal rendering, over single features failing, up to the entire site becoming unusable.
Cryptography and HTTPS, with their difficult technology and repeated replacement, add massively to this effect, and always with the result of total failure. That massively increases the bad trend, with in the meantime the large majority of over 90% of sites being affected, not just single ones. In the end what choice remains is a small selection of large mass taste software.
But cryptography and HTTPS are not really needed for most applications. One can avoid them for normal web usage by continuing to use HTTP. Only for a few special sites, where HTTPS is necessary, one can use a secondary browser or even a secondary computer. Or simply not use such sites: don't use web shops with credit cards (only such with payment per bill), don't have critical web data with accounts and passwords (uncritical ones only for preferences are no problem). For all other sites one could continue surfing with HTTP, which is most of the web, way over 90%.
That is how it has been done for decades. HTTPS was only used by those who wanted its special features, but avoided by those who didn't need it, because they only did things where it was not required. Everyone lived as they wanted and could, and let others live how they want and can. This for a long time was no problem for anyone; all could arrange themselves with it and choose what was best suited to their requirements.
The situation has changed now. Since about 2015 ever more web admins are enforcing the use of HTTPS. These admins demand that HTTP has "got to disappear", all web traffic must be with HTTPS. They enforce this by closing down HTTP, thus making access to their servers impossible. To stay inconspicuous, instead of giving a visible "no server" error message when HTTP is used, they usually place an underhanded HTTPS Redirect (automatic detour). Browsers which can use HTTPS follow this detour silently. The majority of users, with sufficiently new mass market browsers, notice nothing of this measure. But this forces all users to take part in HTTPS, no matter if some of their browsers fail because of this, no matter how large their problems become.
Such web admins usually also allow HTTPS only with the newest crypto algorithms. Old ones are not even allowed as a fallback, despite HTTPS providing for this by simply preferring newer ones if these are present! This newest-only policy exists because the sort of admins who close down HTTP as a "great danger" have already before disabled old algorithms, because they consider these as "too old" and thus also a "danger". With this they destroy backward compatibility maximally. A quote from one such admin: "I only use the best algorithms" (which together with his "newer = better" thinking also means "only the newest"). Another quote after: "Open is not at all such". (Which suggests that the algorithms which they have switched off after a few years may not even have been broken. In addition to enforced-HTTPS this is thus also enforced-newest-HTTPS, with the former only laying the base of the problem, and the latter making it far worse.)
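The selection behaviour described above (the server prefers newer algorithms, older ones stay available as fallback) and the "no common algorithm" failure, as an added Python model that is not code from the original page. The suite names are real IANA identifiers; the client and server profiles are constructed, and the model covers only version and suite selection, not certificates or downgrade protection.

```python
# Added illustration (not from the original page): simplified model of how a
# TLS server picks a protocol version and a cipher suite for a connection.
from dataclasses import dataclass

TLS10, TLS12, TLS13 = 10, 12, 13

# Real IANA suite names, with the protocol versions in which each may be used.
SUITE_VERSIONS = {
    "TLS_AES_128_GCM_SHA256": (TLS13, TLS13),
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": (TLS12, TLS12),
    "TLS_RSA_WITH_AES_128_CBC_SHA": (TLS10, TLS12),
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": (TLS10, TLS12),
}


@dataclass(frozen=True)
class Endpoint:
    name: str
    versions: frozenset
    suites: tuple  # in order of preference


@dataclass(frozen=True)
class Result:
    ok: bool
    version: int = 0
    suite: str = ""
    error: str = ""


def negotiate(client, server):
    """Highest common version first, then the server's preferred usable suite."""
    common = client.versions & server.versions
    if not common:
        return Result(False, error="no common protocol version")
    version = max(common)
    for suite in server.suites:  # server preference order decides
        low, high = SUITE_VERSIONS[suite]
        if suite in client.suites and low <= version <= high:
            return Result(True, version, suite)
    return Result(False, version, error="no common algorithm")


# Constructed profiles (assumptions for this example, not measured data).
OLD_CLIENT = Endpoint(
    "device-2012", frozenset({TLS10, TLS12}),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"))
MODERN_CLIENT = Endpoint(
    "browser-current", frozenset({TLS12, TLS13}),
    ("TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     "TLS_RSA_WITH_AES_128_CBC_SHA"))
NEWEST_ONLY = Endpoint(
    "newest-only", frozenset({TLS12, TLS13}),
    ("TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))
WITH_FALLBACK = Endpoint(
    "newest-first-with-fallback", frozenset({TLS10, TLS12, TLS13}),
    NEWEST_ONLY.suites + ("TLS_RSA_WITH_AES_128_CBC_SHA",))


def matrix():
    """Negotiate every constructed client against every constructed server."""
    return {
        (c.name, s.name): negotiate(c, s)
        for c in (OLD_CLIENT, MODERN_CLIENT)
        for s in (NEWEST_ONLY, WITH_FALLBACK)
    }


if __name__ == "__main__":
    for (client, server), result in matrix().items():
        print(f"{client:16} -> {server:27} {result}")
```

In this model the current browser is given the same TLS 1.3 suite by both servers, while the 2012 device connects only to the server that keeps the older suite at the end of its preference list.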
This results in pressure on everyone to repeatedly update to newest HTTPS. No matter if they could get into problems because of it. No matter how large the problems. No matter if some do not want to, or even can not, update. No matter that for some it means being thrown out of the web. Criticism of this behaviour simply gets answered with "go and update", with an implied "do what we say dumb user". Criticism that this is not always possible is simply disregarded. And because of the underhanded Redirect the majority doesn't notice anything. It remains an act hidden from view, despite in the meantime being widely spread:
Even worse, this trend is starting to expand from the web to mail, with enforced-TLS there. With the same problems should no TLS be available, or should it just be too old. I first heard mention of this in 2018 and met a first case myself in 2019. Mail with enforced-TLS thus has about the same spread now as the web with enforced-HTTPS had in 2015.
Also later in 2018 I heard for the first time of plans to fully encrypt the basic network as such. This would not just kill most web sites and increasingly mail, but simply 100% of all net services. It would so be even worse.
Should it continue like this, the result will lead to exclusion, from the web and mail, or even the entire net, of all users who do not or can not upgrade their systems, as demanded by such admins. Strictly the World Wide Web (that is what the WWW means!), which was open for all, is secretly getting replaced by a crypto limited web, in which only those who use sufficiently new crypto will be entitled to access.
Anyone who understands what the net has given all, and how many today rely on it, recognizes how such a throwing out massively harms all affected. As a consequence of this the affected are now defending themselves against this damage being inflicted. At least those who know about it. This campaign exists to show up a mainly hidden problem and to get it corrected.
(This is for me an important point: Both my phone and tablet, from 2012, are from manufacturers that do not exist any more. Therefore there are no updates and I am getting ever more problems on web sites with too new HTTPS.) (Addendum 2023: Both have by now become unusable on the web, the tablet became entirely useless and was scrapped, the phone can only do calling and texting.)
Especially for people with little money the Internet is extremely important, because otherwise they have little. That situation also applies here with us, as ever more things end up on the net because of providers cutting cost. Old paper versions completely disappear, or at least get burdened with ever more and increasing charges. So losing access to the web makes such things more expensive or even entirely lost. Getting pushed to the side of society without a computer, or even entirely thrown out, is in the meantime known as the Digital Divide. This is now getting increased, already to those without a new enough computer. Those affected by this want to keep what they managed to achieve.
(This is for me an important point: As a weak case of Asperger I prefer graphically simple older browsers and mailers.)
The same goes for all who want to keep an old phone with a real keyboard, because they can write faster on it. Or those who have old programs on existing computers, which they want to continue using, but which do not run any more on newer systems, because these have been extended in incompatible ways. These users want to keep what fits them better in usage.
Be this because old software user interfaces fit some people better. Either because they leave more screen space for seeing data, or simply distract less by interface widgets. Or because some people prefer the visual styling characteristic of those days and/or the fonts of those days. Or because they like the simpler structure, with less featuritis or even misfeatures, and without the power requirement needed for features.
Be this because they don't want software with virus endangered data formats which contain scripts. This even applies to JavaScript in web pages, which some people switch off because of this. Or because it is too often misused for annoying effects. Because they prefer to have safe and stable base functionality, instead of marketing effective but deceptive decadence. Or especially, after having known old robust reliable software, they do not want to use modern brittle bugware that is full of holes. Likewise they don't want auto-updates, which are necessary because of the many bugs in modern software, but can block the system even in the middle of an important operation, even when explicitly stopped with "not now". Or when, after at long last finding all update off switches, the software complains at every start about missing updates, its writers acting as a nanny to the users.
Because of such not everyone has an "always the newest" attitude. Some want to explicitly use better fitting older software. In doing this they accept technically given limits, from slower processors and networks plus smaller memories and disks plus missing features and no scripts. They expect that thus some feature-rich Web 2.0 platforms fail, but also that simple web sites including wikis should work.
Forbidding such would be analogous to the department of vehicles forbidding all old-timer cars, or the building planning office forbidding all old houses. Forcing all people thus to use new vehicles or new buildings would rob all users of the preferred character of the old. More analogous to the situation here would be, should the roads department get infiltrated by electric car extremists, it would gradually dismantle all access to petrol stations, as a means of forcing people to switch to electric. This though would make all old-timers unusable. Followed by reacting to complaints by their users with "go and upgrade".
Doing such, without public discussion or agreement from this or law demanding it, would result in massive protests because of despotism of the officials. Similarly, wanting to use old is now an increasing trend among retro computer and retro software users. Forbidding this is the same despotism of admins. These users reject this and want to keep what fits them in style.
(This is for me the most important point: I prefer retro software for simple user interfaces and robust design. This is also why this site comes deliberately with a retro web styling and logo.)
Today saving electricity and reducing CO2 may be the fashionable issues, but some people despite this regard reducing waste as more important. This applies in particular to electronics waste, containing heavy poisons in some components. Also at their production massive amounts of water poisoned with heavy metals occur, which has to be purified with energy intensive electric filters. Note here how long solar cells need until they have produced more electricity than their manufacture cost. (Note: Bonus points go to "environmental protectors", who just to save energy forbid poison-free incandescent lights, to force changing to mercury-containing CFL lamps or arsenic-containing LED lamps.)
Consumption of raw materials is even more problematic, because some of them are running out and once gone will not come back! This is why some people want to reduce this. That in particular since the highly questionable forbidding of lead-based solder and its replacement by silver-based. By this one of the fastest depleting and most difficult to replace raw materials gets used even more. (Note: Bonus points go to further "environmental protectors", who waste critical raw materials like this, just to save grams worth of lead bound to tin in electronics, despite the kilograms worth of pure lead in car batteries.)
Even if using anything new is acceptable for someone, even without any financial or technical problems, some regard the environment as important. Thus not everyone wants to throw away and replace computer and tablet and phone every few years. Not everyone believes in the turnover and profit maximising "every 3 to 6 years new" thinking, no matter how the environment gets poisoned and used up by this. Some know, that even 10+ year old devices can work very well. Even if the faster aging silver-based solder is reducing this. (Note: Bonus points to the second "environmental protectors", when one considers that with faster aging more electronic components get scrapped, in which are far worse poisons than lead.)
Thus some want to fully use their devices until the end of their lifetime. Some even want to specifically pick up what others have discarded and use that up, because such continued use is the most effective recycling and thus also the best. Should the need arise, this also by combining multiple broken devices into one functioning specimen, or even scavenging very broken ones to obtain replacement parts for repairing others. Which all results in using older stuff. These people want to conserve the environment instead of straining it more.
(This is for me a further important point: I consciously use what others have discarded. That is also why this site comes deliberately in simple HTML which is also readable on all old stuff.)
Especially since today's "cheap is best or even everything" thinking has destroyed most alternatives, some people prefer to refuse buying new and continue to use existing. Or even pick up and use what others have discarded. Even those who have no problem with the regime may, because of environmental impact, not want to transport things around half the world. Or they want to, even without environmental interest, simply support local jobs instead of imports. Both of these although it is more expensive, saving up money for this instead of spending it on unnecessary replacement. These people want to reduce unnecessary buying where possible, either for boycott or for saving reasons.
Not everybody has such a throw away attitude towards data, no matter if already existing or still coming. These know that only as many as possible distributed collected and stored copies can halfway secure continued existence and availability and so at least alleviate this problem. Explicitly creating such copies by downloading entire web sites, puts a massive load on these, and is highly disliked by their operators, up to them locking out people who do this. Creating such copies piecemeal, of only what one fetches anyway, is thus a better method, but a lot of work. This can though be simplified by using automatic archiving.
Enforced-HTTPS though sabotages this, because browser external web cache programs, which can be used for this, are dependent on logging and storing the web traffic as an HTTP proxy. This the cryptography in HTTPS prevents as "spying". These archivers want to keep their past and continue to record the coming future.
(This is for me a further important point: I have used a web archive for decades. Some web pages important to me I can only still read thanks to my archive. That is also why this site comes deliberately in simple archiveable and surely staying readable HTML 3.0 and is without any JavaScript, or even worse dynamic pages. Also as one single file, so that it can simply be saved even without a web cache.)
Many notice even less that the sum of all affected adds up to a large problem, so they don't defend themselves. The above 3 to 10% (middle 6%) of somewhere between 300 and 1000 million Internet users (middle 600) are after all 0.06*600=36 million, so with the same scatter about 15 to 50 million affected are to be expected! (Even with only 1 to 3% (middle 2%) assumed, this would still be 0.02*600=12 million, with scatter 6 to 18 million.)
Worse, this is even the case after 20 years of using HTTPS. That because of the rapid decay of cryptography, with observed algorithm life cycle of only about 5 to 10 years, and completely deficient backwards compatibility, but with even 10+ year old devices remaining in use. It will, because of this contradiction, likely remain constant at above 3 to 10%! Socially important infrastructure can not be built on top of something so brittle, may not expect such.
The problem further gets underestimated because of very misleading non-expressive error messages. Such as "Network error" or "Protocol error" or "Connection failed", which contain no reference to cryptography as cause. Or possibly "No secure connection could be established", or better "No common algorithm", which at least point to cryptography, but do not say that this arises only because of decaying algorithms. All this often only with an "OK" button available, despite this not at all being OK, with neither "Use unsecure connection" nor a more neutral "Abort" being offered. This followed by not getting any page.
(Note: If a page does come, which gets rendered wrong, or with error messages, or user interface fails, this is not a case of the HTTPS problem, but just that the too new data format is not being understood. In particular with use of JavaScript, without fallback to simple HTML, for users who block JavaScript, to eliminate abuse of it.)
Such happening often enough results in an "oh doesn't work anymore, computer/tablet/phone seems to be too old and used up" attitude. This is followed by discarding it, because a "one can not do anything else" situation exists. The result, depending upon circumstances, is replacing or going without, but definitely a loss. Bonus points when some people through this lost access to web sites with data which is important to them, or even lost editing their own web site, and had to replace to prevent this happening. No matter what replacement cost in sacrificing other wanted purchases. No matter if they could not even replace and so lost out permanently.
Only a few affected recognize that they have become victims of a deliberate lock-out and of an underhanded expropriation. Here we can expect large dismay and protests as soon as all this becomes known, as people notice that their losses were not technically unavoidable, but were inflicted upon them only out of political motivation.
Considering that the "great danger" is usually irrelevant, such out-casting of so many millions from the web is totally inappropriate. Everyone should be allowed to freely decide on their situation, as it fits best for them. Everyone should be allowed to have their own estimate. Both of the danger and of the use of HTTPS against it, as also of the losses and the costs of these. No matter if in keeping devices, or keeping to financial limits, or using equipment, or keeping features, or using fitting software, or being able to learn, or conserve the environment, or decide on buying, or archive web, or preserve bandwidth, or scanning web traffic.
This followed by being able to live out their own decision and priorities, including being allowed to have a "this danger is irrelevant to me" attitude. With then using what is fitting for them. Nobody may force their views upon others, because that is making up their minds. Nobody may lock-out others, just because they consider an important to them "great danger" to be neglible. Because of that this campaign has been initiated, to make these hiddenly committed deeds known, get people up against enforced cryptography.
But such admins have developed a mistaken belief, that the state intends with this to undermine and attack the entire population. They have developed panical fear of this web surveillance. This "great danger" is in reality completely insignificant for 99% of normal people. The state only has limited resources of finance and staff and so aims these mainly at persecuting criminals. From recording they only get thousands of millions of surfed URLs, which results in a massive pile of data. They thus can only filter the records for patterns, which could possibly suggest a crime, simply because reading all of them is impossible.
(Note: Background for those, who ask how such filters work: Possibly relevant data is buried among a large multiple of irrelevant ones. This is not any more looking for a needle in a haystack, which is easy to do with a magnet, but looking for needles with specific rust patch patterns in a pile of other needles with other patterns! Because of this many tests for various possibly relevant patterns are used, both word combinations and sentence structures of the data, as also time and sender/receiver, but also connections to other data. All tests with a "0..100% fitting" result, which is known as "scoring". For all these tests each individual can also trigger on irrelevant patterns, such as a search for describing an planned attack also triggering on reports about a committed attack. Principle is, that relevant data will trigger more tests as positive and/or those stronger, than just accidentally similar but irrelevant data. For this average values and peak values of all tests get compared. Then a certain percentage of top test results are given out to the personnel, which assesses them. The filter techniques are comparable with those in spam filters. Just that spams let through are only annoying and wrongly deleted non-spams usually not a catastrophy. While here not discovered attacks cost lives and wrongly given out non-attacks overload the personnel and so possibly prevent discovering real attacks. To improve the filters the best language analysis researchers are recruited directly from universities.)
Despite this they often fail at finding crimes before they happen, but after an act has happened, they can search for traces of it in the recorded data. Mostly data is only collected for later use. As with any not prevented attack, but only hours later the perpetrators are identified, a feat which no investigator could ever achieve. So this act and the perpetrators were already present as traces in the data, but they were not filtered out before, simply because this is difficult. Only with knowing about the act did the connections become recognizable.
No one needs to expect negative consequences from this recording, unless he is massively sticking out. Normal people who surf normal sites have no need to hide anything, because they get filtered out anyway by the scoring, in the states own interest of not getting personnel flooded with irrelevant data! Committing severe crimes sticks out the most, but that will assumedly have consequences anyway. Normal over 90% of all people do not get into this situation anyway, so they are not in any danger. That because all types of breaches of the law get filtered out, which get perpetrated by even only 10% of people, while perpetrated by 1% are more likely recognized, the safe border is likely around 3%.
Such surveillance is wanted by many, exactly because they feel safer with it, no matter whether cameras recording or net filtering. Laws and budgets for such get enacted, because they are desirable with the majority of the population. This despite that officials are already drowning in too much data and since years do not want to have any more! But politicians enact ever more such laws, exactly because they sell well in the fight for votes.
But such web admins regard themselves (and all other people!) as "massively endangered" by this surveillance. Thus they want to exterminate HTTP as a "great danger". They consider HTTPS to be the only salvation from this "danger", because it is closed. By which they are actually implying, that they (and all others!) are surfing extremely questionable web sites, which when filtering for suspicious persons would be discovered, and thus want to hide themselves. Only a large section of admins behaving so disproves this straight conclusion as statistically unrealistic. This is more likely a case of widely spread loss of reality. It comes from them talking each other into believing their fears, outdoing each other with reporting the newest scary imaginations, by now running over years, thus stirring each other up, until todays derailment.
Compare this effect with the once widely spread massive fear of airplane crashes. These are (and were) in reality less dangerous than traveling by car to the airport. One only needs to compare the thousands of air crash deaths per year with the millions of road accident deaths per year, to see the difference. A statistic, which even with less people flying than driving still made the latter less dangerous. But spectacular reporting of crashes resulted in an actually small danger getting massively overrated, due to the resulting one-sided over-information (all air crashes reported, but only a vanishingly small part of road accidents), which produced an unrealistic perception as larger danger. It took multiple decades until at a more realistic view gained acceptance. The same overreaction has been repeated with terrorism. Again only thousands of deaths per year, but reported with just as much spectacle. Here also, after initially large panic, only after over a decade a more realistic view surfaced.
The same applies now with surveillance supposedly being a "great danger". Despite not even any deaths happening, so no spectacle from such! Here, as far as observed, instead of external reporting an internal group dynamic is in effect. This originating from an extremist section of the American civil rights movement. This movement regards itself by principle as potentially being persecuted by the state. They want to prepare, for if or when the state becomes a dictatorship. In the extremist fraction this expands into believing, that the state is already today persecuting all. They want to thus defend and fight against it. This section is even inside the movement known as the "lunatic fringe" (which clearly names them for what they are).
The more some web admins got infiltrated by such thinking, the more they have talked to each other and thus confirmed their fears. The social media echo chamber effect taking place. After ever more of them looked out for signs of danger, have so stirred themselves even further up. The social media filter bubble effect taking place. They have also infected others, so that ever more tipped over and infected others further. Which leads to even multiple effective feedback loops, driving depth and width, deepening and spreading this fear as a viral meme, exponentially driving itsself up a spiral of fear, creating an entire subculture of fear. Result is a massively distorted perception of a micro danger, followed by a complete loss of reality, up to developing paranoid insanity.
This is the insight gained from multiple years of discussion with some such web admins and observing how they argue among themselves. This includes hearing their repeated claims that they are not insane, just "paranoid to the proper amount". Which they claim is something good, regarding it as about at the same level as "being cautious". Please ignore, that paranoia is simply a short term for paranoid insanity. Also ignore, that their "proper amount" is off by a damaging amount.
If this only pertained to their own surf traffic, it would not be a problem. If they operated their personal sites with enforced-HTTPS this would only pose a small problem, because affecting only their sort of people as readers. Everyone shall live with what makes them happy, everyone should be in a position to arrange their life as they want to. Even if this is slinking away and hiding themselves from empty fear. Here the old saying of "live and let live" should apply.
In the meantime however they enforce and propagate enforced-HTTPS also on sites, which are used by people, who are not part of their circle. This becomes a problem, because these other people get locked out, if they do not have HTTPS, or even just have too old a version, for whatever reason. That gives a case of a security measure which creates way more collateral damage than it prevents, because it creates a total loss, despite for most people only preventing an insignificantly small danger.
Which is counterproductive, like so many other security measures in recent times. All too often only the advantage aimed for gets seen, the costs of side effects get ignored or at least are undervalued. That is likely because measures which were omitted hit those responsible with accusations or even punishments, but collateral damage "only" hits others, and can simply be passed off as "necessary" with the universal excuse of security. In this it is even irrelevant if the measures actually work, so long as those who otherwise would make accusations believe in them. All of which is not a new insight, but repeated observation with the many security panics of the last decades.
People who deploy such measures should thus advance cautiously and look out attentively for any problems that they could create. Such a procedure was completely neglected here, with those responsible not recognizing, that some people do not want this "security", because they prefer to continue to use HTTP. For which it has to stay open. Everyone should be able to live with what makes them happy, some hidden, some open. Here also applies "live and let live", on both sides. But this is not allowed any more by the web admins using enforced-HTTPS, their "important" measure is forced onto all.
Such web admins could initially have acted out of desire to protect people, but with ignorance of the consequences. Though such consequences could have been prevented with enough caution. But panic fear produces a feeling of being attacked. This reduces thinking from the intelligent but slow cerebrum to the faster reacting but limited reptile brain, which is known as regression. That prevents higher thinking and thus also empathy, suppresses respect for others and any caution coming only from such. Which is also known as "fear eats the soul". This is also seen in any case of discrimination, where fear of a specific group of people leads to "defensive" behaviour, which harms other "similar" but uninvolved people, and also prevents recognition of this error.
But such lack of knowledge ended as an explanation, at the latest when they were criticised by the victims, and thus the damage became known to them. They should have reacted to that by recognizing the problem and again opening up HTTP. At the latest after this problem was repeatedly pointed out, so that being surprised by something new is not limiting their vision. Because this was not done, their "protecting people" reason becomes a lame excuse and no longer usable. Because "protection" which harms more than it protects is no such, and is to be rejected. Here also "live and let live" applies, on both sides.
Such web admins carried on regardless. From their mistaken belief, that this is a "great danger", with the claim that such "justifies" their enforcement. Even after they knew, that they are banishing people from the web. Even after what is happening was explained to them and why that is unavoidably so. Even after they were confronted, that their "great danger" is in reality only a meaningless micro danger. They reacted to the criticism of their behaviour and damage with total rejection.
(Note: Which is why democracy as its most important elements, together with freedom of opinion and freedom of speech, also contains representation for all. Exactly to prevent such dictatorial behaviour, by creating a state, in which anyone can both know of a life fitting for them, and is also allowed to strive for such. That has been the case for centuries, because these are not new insights.)
Since they believe, that from recognizing the "danger" they have achieved the total truth, they know all even better. Their "correct" view must therefore forcibly be implemented. This specifically against those "unreasonable" users, who "endanger" themselves by using HTTP. That because those "unreasonable" users, by criticising something important like security, have clearly demonstrated, that they are "obviously" stupid or insane, and are not to be taken seriously. They must therefore have their life determined by the all-knowing, for their own security. Only who recognizes this party line as true, and follows it, gets respected. In reality all typical of behaviour which fits paranoid insanity, which together with know-all has become fanaticism.
Contributing to this is, that many admins have decades of hearing and passing around "dumbest user at hotline" stories behind them. Some of them do not recognize these as the bottom 5% of users, and regard them as representative, ignoring the middle 90% and top 5%. They thus regard themselves as "better" than the entire "stupid users". Such views are not at all seldom. Especially because users usually have less special technical knowledge, which in effect can be confused with being stupid, especially if one is inattentive. From believing, that "stupid users" are the normal case, getting to "stupid people" as root of this "stupidity", and thus the "better ones" "must" make up the users' minds for them, is just a small step on leaving the straight and narrow path.
Some admins even use knowing the damage as threat, instead of for insight, to push through their "go and upgrade" demands. One extremist even went as far as extortion. He explicitly denied an affected user access to information on his communication service, about where the user's group of colleagues newly meet. Despite that he thus loses contact with his colleagues (and they also lose contact with him)!
This is thus not any more a case of ignorance. It is being continued in full knowledge of its consequences. It is a pure act of inconsideration, coming from their ideological blindness. They believe in having to forcibly bring luck to all with cryptography. Whether this brings them luck, or they go under from the resulting exclusion! All this without any legitimation of their actions, or even just public discussion about it, let alone any agreement regarding this. This just gets dictated by them, self-willed and high handed, no matter the views of others. The behaviour of fanatics, who become dictators. With this behaviour they have become enemies of a free society.
With which they become similar to comparable types of officials, just (mostly) paid privately rather than publicly funded, but apart from that the same type of persons, the same behaviour. Absolute power corrupts absolutely. They are even worse than most officials today, because of less public influence from outside on them, which limits their power. They are more comparable to royal officials of 100 to 300 years ago. Both have the mistaken belief, that they as insiders know everything better than the entire rest of the world, and thus may dictate to them. This despite in reality being ignorant through one-sidedness. That is pure snobbishness of these "better" ones, although both actually know far less than all other people put together, but they have a power position and exploit it.
In 2017 and 2018 over 90% of addressed admins expressed above reactions to my questions and criticisms! Less than 10% reacted with insight and allowed the use of HTTP again. The large percentage of admins behaving so also disproves the straight conclusion, that all are suffering from paranoia, as statistically unrealistic. For this to be valid, the problem would have had to spread itself epidemically. A certain number of admins may have only thoughtlessly followed a "This is how one does it today" teaching, propagated by above and spread uncritically by some professional authorities.
(Note: One should regard here, that due to the rapid growth of computing, the majority of professionals have below 5 years of job experience. The less experienced regard anyone with only slightly more as an authority. Even the professional press has for decades consistently shown far more interest in showing up what is newly available and how one makes use of it (including what new dangers have appeared and measures how to fend them off), than in questioning and criticising false developments (including questioning the amount of danger and criticising inappropriate measures). Which all favours such spreading.)
The above 90% could therefore be a statistical deviation. My current estimate assumes surely above 10% but below 90% of insane, with the rest thoughtless. It is not determinable which type is below or above 50%. (This especially as a large majority of those addressed by me are either members of, or at least in the environment of, a group named CCC, which seems to be the largest distribution vector of the panic in the German-speaking space.)
But no matter which type dominates, the loss of over 90% of web sites is clear. As a consequence of the damage, adding up from ever more loss, we victims are now defending ourselves against this false behaviour of web admins. We demand from all admins, that they shall accept a responsibility fitting for a power position. As part of this they shall respect the freedom of others, and allow all users to decide what they want and need. That includes also accepting, that others may have their own views and are also allowed to live them out. This even if they themselves do not share these. Here also "live and let live" is to be followed.
They should thus continue (or by now rather recommence) offering HTTP, so that the web stays usable (or rather becomes so again) for all. This should actually be natural in a free society. Everyone may do what they want, so long as they do not hinder others in doing what they want. The majority of addressed web admins have however become fanatics and fail to accept this. It is thus acceptable for them, to force their views on others from a technical power position. The same applies to propagating such behaviour to other admins. They also reject any criticism, because they "know all". This also prevented reaching through them to at least the thoughtless ones with criticism. This problem can thus now only be solved by applying external public pressure. Doing that is the aim of this campaign. It shall show up the deeds being secretly committed, thus building up public pressure, to get these corrected.
DUL is based on the observation, that most legitimate mails are sent indirectly through an outgoing mail server with static IP address (because Microsoft's widely spread mailers are not capable of sending directly and many others copied this), but many spams are sent directly from PCs using their dynamic IP addresses (because lots of spamware avoids using the outgoing mail servers). This is thus only a statistical correlation, not a causal relationship!
But in the DUL filter "dynamic IP address = spam" is strictly assumed, with the result, that all directly sent mails are considered as spam and get rejected. This often without even transferring their content and testing it for real spamminess, with DUL as the only test criterion, despite it being Broken As Designed (BAD). While with content based filters some legitimate mails perhaps get lost, here for directly sent mails systematic loss is guaranteed! With this communication is not just disturbed, but completely prevented, hitting both the sender and also the receiver.
Such losses are known as "false positives". They appear unavoidably with all techniques, which instead of assessing mail content, are based on network side effects such as IP addresses or host names, which are known as "meta data". They are thus to be avoided, at least if one respects one's users' communication.
But every profession has a worst group. In the entire computing world these are the mail admins. Best case the majority of DUL admins are so incompetent, that they don't even recognize how they are creating false positives, worst case they simply don't care. This insight also comes from quite a few years of discussions with quite a few of them. They were this consistently for 15(!) years, from 2000 to 2015, when DUL at long last was disposed of. Exactly from 2015 on the enforced-HTTPS web admins have taken over this bottom position.
This causes all who send their mails direct, without detour through an outgoing mail server, annoying work to circumvent it. Some want to use direct sending, because it is the better method, it saves a lot of expenditure and problems: the entire system of outgoing servers, with failures and abuse of such, SMTP auth accounts with passwords to prevent abuse, followed by TLS to secure those. (Which all only became necessary because of Microsoft's defective mailers, where lack of direct sending had to be patched up with this massive technological and administrative expenditure.)
Bonus points, that DUL is a variation of the DNSBL technique. This technique, in the original MAPS version, listed only the static IP addresses of mail servers of known spammers and so blocked mails from these. Spammers answered by abusing open relays. These were misconfigured mail servers, which anyone could use as outgoing, without any authentication, which also allowed spammers to abuse them. Mail admins reacted with ORBS, MAPS extended to open relays. Aim of ORBS was to put their admins under pressure, to configure properly, by blocking mail from all their users as collateral damage. This is strictly a form of coercion, and thus criminal. After reconfiguring they were removed from the list. Just that took way longer than getting put on the list by some activist bent on revenge on "spammers helpers". This even if no misconfiguration was present! A colleague at an Internet Provider had to cycle his mail server through a block of 10 IP addresses to keep up his users' ability to send mails. (Good luck if you did not have Microsoft, and were capable of sending direct, thus avoiding ORBS.)
Spammers answered by using computer viruses to hijack random computers as relays. Most virus development is financed by spammers, causing all the cost of anti-virus measures. Mail admins reacted with DUL, ORBS extended to random dynamic addresses. It so hit all direct sending users, no matter if correctly configured, and without any removal from list. This is a case of "similar = guilty" thinking, and thus strictly a form of discrimination, even worse criminal. This with the address/address-type of the sender as only criterion, comparably affecting direct senders as using living address as a substitute for race/religion/lifestyle! DUL was condemned already in 1997 by DNSBL inventor MAPS, because of the systematic losses it produces, and they advised against it. Despite this many mail admins in 2000 to 2005 introduced it, until over 90% of all mail servers were affected. Followed by over 90% of these admins rejecting criticism. One notices parallels here.
(Note: Notice here, this problem can only occur in spam filters which run on mail servers. All filters running on your own PC, in a mail reader or anti-virus package, can never have DUL, nor any form of DNSBL, nor anything based on IP addresses, also no enforced-TLS. These filters are based solely on the mail content, words and combinations which suggest spam content. And they use the existing and available computer/tablet/phone processors, instead of loading up expensive server processors. This is anyway the better method, unless the network from server to computer/tablet/phone is very slow or expensive. That stops only few mail admins from considering their filters as "better" than the PC admins' ones, despite them often using DUL nonsense to save processors. Even more parallels.)
All this was "only" collateral damage from a by design defective method, which was used for cost cutting plus indifference, or simple incompetence. It was not the result of a desire to enforce "only through outgoing", so circumventing this was possible. Also DUL died largely in 2015, at least in its worst "reject without testing content" form, reduced from over 90% to under 10% of all mail servers. With Gmail as first of the large ones already giving up rejecting in 2013, but GMX as last of the large ones still using it in rejecting form in 2023! Partially it is still used next to other mail content based tests. This "only" still results, if influencing the evaluation too strongly, in risk of misclassification and mails landing in spam folder, instead of them being rejected and the manual work of circumventing. But even from this receivers can overlook and lose mails. Gmail is known for this, as seen in 2019 with two different recipients there.
(In 2019 a slight increase in use of "reject without testing content" is again being observed. At least when I send mails from my phone, although not when sent from home. This includes also Gmail using it there again. This could point to simply using a DUL list without my current home provider in it. On the other hand they also classify some mails from home as spam, as soon as a link is in one! Which would either need an unlikely general "no mails with links" policy, or a link+DUL=spam formula, for which my home provider would have to be in their DUL list. This though rated as lesser, thus only placed in spam folder, contrary to my phone provider, where even without links they are totally rejected. Which suggests them using two separate DUL lists and filters.)
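The three ways of using a DUL listing described above (sole reject criterion, one signal next to content tests, and a signal weighted too strongly) can be compared on a handful of mails. This is an added example, not code from the original text; the zone name `dul.example`, the listed addresses, the word list and the sample mails are all constructed for illustration.

```python
import ipaddress

ZONE = "dul.example"  # hypothetical list name (assumption)

# Constructed stand-in for the DNS zone: query name -> A record answer.
LISTED = {
    "7.113.0.203.dul.example": "127.0.0.2",  # 203.0.113.7, dynamic range
    "9.113.0.203.dul.example": "127.0.0.2",  # 203.0.113.9, dynamic range
}

SPAM_WORDS = {"lottery", "winner", "pills"}  # toy content test

# Constructed sample: (sender IP, body, is it really spam?)
MAILS = [
    ("203.0.113.7", "Minutes of Tuesday's meeting attached.", False),
    ("203.0.113.9", "You are a lottery winner, claim now!", True),
    ("198.51.100.25", "Cheap pills, lottery winner discount", True),
    ("198.51.100.30", "Invoice for March as discussed.", False),
]


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, lookup=LISTED.get):
    """A listing is signalled by an answer in 127.0.0.0/8; no answer = not listed."""
    answer = lookup(dnsbl_name(ip))
    return answer is not None and answer.startswith("127.")


def content_score(body):
    """Count words in the body that appear in the toy spam word list."""
    return sum(w.strip(".,!") in SPAM_WORDS for w in body.lower().split())


def reject_on_listing(ip, body):
    """DUL as the only criterion: the body is never looked at."""
    return "reject" if is_listed(ip) else "accept"


def listing_as_signal(ip, body, dul_weight=1, threshold=2):
    """DUL as one input next to the content test."""
    score = content_score(body) + (dul_weight if is_listed(ip) else 0)
    return "spam-folder" if score >= threshold else "accept"


def listing_overweighted(ip, body):
    """Same filter, but the listing alone already reaches the threshold."""
    return listing_as_signal(ip, body, dul_weight=2)


def outcomes(policy):
    """Sender IPs of legitimate mails lost and of spam mails let through."""
    lost = [ip for ip, body, spam in MAILS
            if not spam and policy(ip, body) != "accept"]
    passed = [ip for ip, body, spam in MAILS
              if spam and policy(ip, body) == "accept"]
    return {"lost_legitimate": lost, "passed_spam": passed}
```

On this sample the reject-only policy loses the directly sent legitimate mail and still lets the spam from a static address through, while the overweighted variant moves the same legitimate mail into the spam folder.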
Enforced-TLS makes this far worse. It also kills off all mails without transferring content or looking at it. But it also prevents any form of circumvention because of cryptography. Which even the admin from whom I first heard about it, in 2018, indirectly admitted. After he had heard of techniques to circumvent DUL, he commented, these are not possible because of TLS! He claimed then, that enforced-TLS is today the case everywhere, despite me, as direct sending user, having up to that time neither heard of it, let alone seen it. (I met a first server in 2019, and could promptly not send there any mail, as expected.)
This especially hits people who, because of wanting to avoid cryptography and the unavoidable updates for it, don't use outgoing servers, to avoid SMTP auth accounts with passwords, and the TLS needed because of them. These want to send direct, but enforced-TLS hits them just as damagingly as enforced-HTTPS. Thus TLS-less mail should also continue to be offered. (Addendum 2023: I have since not met any more such. Which demonstrates how far the above admin's perception deviates from reality. He and the above first server admin seem to really be super-extremists.)
(Addendum 2023: Unfortunately the mail situation has not returned to harmless. Mail admins have invented another Broken As Designed IP address based method called SPF. This seems to aim specifically at forcing everyone to use outgoing servers, and even only allows those with IP addresses flagged by the DNS admin of the domain in the user's mail address. This to then use ORBS-like blocking of those servers, with all users with mail addresses in that domain as collateral damage. Of course this completely destroys sending direct to avoid cryptography, thus striking just as badly as enforced-HTTPS or enforced-TLS. In 2023 Gmail has added this, with 100% systematic loss, as first large mail site. Their error message claims, that any mail without such "Authentication" is supposed to be "a danger to Gmail users and also the sender(!)". This demonstrates, that they in their echo chamber of anti-spam activists have become comparably insane and over-reacting as enforced-HTTPS web admins. Some activists are propagating SPF as standard for all to follow, thus creating an exact repeat of the enforced-HTTPS situation with Wikipedia in 2015. Meeting this became the trigger for the entire 2023 addendums.)
On one hand spying is done systematically by the state, to record and analyse connections. But this only creates a massive pile of data to filter possible threats from. This for most people is not relevant, because they are not the target of it and as such explicitly get filtered out by the scoring. (Also the state can selectively record specific persons. They can also filter these in more detail, as far less data is accumulated from them. But this only applies to conspicuous minorities, so is also irrelevant for the majority of users.)
On the other hand spying can be done by private persons. Usually by cyber criminals to obtain credit card numbers, or saboteurs to get at account passwords. Such is regarded by real information security people as the far more meaningful problem. But with above web admins this risk practically does not appear next to their fear of the state! This spying can actually hit any random user, but it is not relevant for most normal web sites. It only becomes relevant at special sites, where one uses credit cards in web shops, or edits web sites with an account and password. The latter case is considered by information security people the more significant problem, because of spreading false data in the name of someone else who is trusted. (Also there are unscrupulous competitors, who are engaged in industrial espionage, should one communicate over the web, but also when transmitting mails. But this also only applies to specific minorities, so it is just as irrelevant for the majority.)
Crypto is therefore simply irrelevant for way over 90% of all people in over 90% of their web traffic. There exists therefore no reason, why everyone should only go onto the net with the equivalent of an armoured vehicle, or even such of always newest military grade. Even less justification, to force such onto all users for their "protection". (Far greater danger comes anyway from direct server intrusions to get at data. Or indirectly from client intrusions, including by virus infections, to get at data or passwords. And even more danger from tricking out users with techniques of "social engineering", to get at either. Against which crypto can not work at all.)
Some still feel threatened by this, even with random web traffic, and thus want to use cryptography for everything. Despite that cryptography only hides the actual requests, who fetches which specific URL (and possibly any credit card numbers or passwords sent with it). It does not hide the content of the site itself, which is still open to fetch (except from private sites with access only with an account). It also does not hide, who fetches something from which server or how much they fetch, only exactly what gets fetched. It is also partially possible to draw conclusions, from how much data to what data, which is known as "traffic analysis". This is thus usually neither a real danger, nor a complete protection!
Despite all these limits the crypto fanatics treat this as a panacea and reject any criticism. Most likely because getting a grip on their fears demands this, but entertaining arguments endangers that, from which they get even more fear. Thus such web admins think, they "have to" force crypto on all users for all web traffic, to protect them against the "great danger", no matter what the real danger from this is.
Compare this argument to the following hypothetical case: If security guards, because of the "great danger" of security cameras, would demand, that everyone must walk around with their face concealed by mask or veil. Followed by locking the doors to businesses, where they are employed, then only letting in those whose faces are concealed, to enforce this. Thus forbidding all subcultures and professions their desired or even required clothing. Such a ruling would result in massive protests. Even more so, when after a while over 90% of all businesses were affected! If this were followed by them rejecting such protests, with above excuse of "not being an auxiliary" to people "endangering" themselves by not being concealed, it would lead to far more protests. Most likely followed by managers handing out the notice to these security guards, given that they did all this self-willed, without an order or even just consent from above, thus damaging the businesses with loss of customers.
(Compare this with the actual situation, where security guards more likely demand absence of concealment, so that their cameras are not circumvented. Contrast that with how the enforced-HTTPS web admins would react to comparable prohibitions of crypto.)
No state measures exist which do this. Unless one is a politically or militarily relevant site, and thus a target of cyber warfare attacks. (And such attacks are more likely server intrusions, or possibly DDoS attacks.)
Apart from such sites only private actions of this type are to be expected. But such a large expenditure can only be justified for very few sites. Users of these are so also only a minority, who anyway need to know the special circumstances of such critical sites and the data there. So again all of this is completely irrelevant for the normal web surfers. This "actually larger danger" is therefore for normal people even less important than spying, just more paranoid insanity in effect.
(Note: Background for those, who ask how signatures work: The browser generates a random number and encrypts this with the server's public key, the server decrypts it with its private key and sends the number back as proof of having this one. In reverse, the same signature-comparing crypto can also be used for authentication instead of passwords: the server encrypts a random number with the stored public key of the allowed user, and the browser decrypts it with the private key and sends the number as proof, thus making passwords superfluous.)
From this the perpetrators practically only get single user-IDs, for sabotaging these users and their readers. This is again only a very small danger, because the expenditure for it is seldom justified. Once again only single exposed users of special sites are endangered by such sabotage. All users should thus be allowed to judge their own risk and compare it with the costs of protecting against such. Especially should the latter cost them all access. Or even worse cost random surfers, who are just reading, access. (Here "social engineering" is a greater danger, because it is far easier, eliciting passwords with fabricated mails containing camouflaged links to the server of the attacker, which is known as "phishing". Against which crypto can not work at all.)
Further this can be secured by correct design of the site, with simply offering selective "Edit" links. Either only those who read with HTTPS get to see an "Edit" link, or better still with HTTP a deactivated one. Same applies also to "Login" boxes. Add to this a "Secure" link, which leads to the HTTPS version. (And in this one, sensibly at the same spot, a "Non-Secure" Link back to HTTP.) Only reading of the site can thus always also stay open with HTTP. Even adding of comments without account can be done by HTTP.
Comparable design can even be applied by web shops for credit cards. Link to order form only active if HTTPS is used. With the rest of the site, being only a catalogue, also staying readable by HTTP. Or even allow orders with payment by bill, with only the link to the credit card form deactivated.
(Note: This even more so, when one considers how much credit cards are fundamentally unsafe. Technically they amount to fitting one's bank account with a number lock, then writing down its number on the card (which when writing down passwords is regarded as a security violation!), followed by telling the number to everyone that one is paying (which with telling passwords is even regarded as grave security violation!). There is always danger of abuse on the part of the site operator or their staff. And if permanently stored on the site, also danger from intrusions into the web shop server (which is the main reason for such!). HTTPS actually only secures this already unsafe process against eavesdroppers during transmission.)
(Note 2: It would therefore be better to replace the use of credit cards with delivery accompanied by a bill to pay. A method that has worked flawlessly for over 100 years, as used by mail order firms with catalogue plus telephone. Or at least with reserving goods and delivery only after payment by bank transfer. For which a special E-Banking device is sufficient, issued by one's bank (and updated at their cost!). This can use WLAN directly, and is so independent of computer/tablet/phone. To use it insert customer card and enter PIN, same as at an ATM or credit card terminal. Or one could simply go without such a device to one's bank's own ATMs, which would have to be extended for this. Or if both do not fit, also the bank's E-Banking website, where enforced-HTTPS is acceptable, next to the other alternatives. All three variants are way safer than anything involving credit cards.)
(Note 3: The banks have apparently meanwhile got enough of misused credit card numbers. Ever more now demand confirmation of every transaction, by TAN query in phone app or via SMS. This converts the credit card from "password" to only "account-ID". This makes HTTPS increasingly irrelevant even for E-Banking and E-Commerce.)
Such an above "Secure" link can also be combined with setting an HSTS entry, which tells the browser, that a site once visited with HTTPS shall always be visited with it. This applies even if the browser gets an HTTP URL to the site and there is no HTTPS Redirect, because with HSTS a fitting browser itself makes an internal redirect, while those without stay with HTTP, the best for both sides! (With a "Non-Secure" link the HSTS entry has first to be cleared, before going back to HTTP.) With this, clicking on the "Secure" link in the HTTP version is only required once. There thus remains an identical minimal danger as with an initial Redirect. Afterwards the site offers the same comfort, direct to HTTPS, without first clicking on "Secure". It is then even still possible to place HTTP links, so that HTTP users do not keep on landing on HTTPS, which does not work for them, and repeatedly having to delete the extra "s". Search engines can then even be redirected to HTTP, so that they always offer HTTP links.
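The selective "Edit" links and the HSTS opt-in described above, written as a request handler. This is an added example, not code from the original text; the host `example.org`, the paths `/go-secure` and `/go-open` and the one-year lifetime are assumptions. It also refuses `/edit` and `/login` over HTTP on the server side, because a deactivated link is only presentation and does not stop a request typed in by hand.

```python
from html import escape

HOST = "example.org"             # placeholder host (assumption)
HSTS_ON = "max-age=31536000"     # one year, constructed value
HSTS_OFF = "max-age=0"           # RFC 6797: browser drops its HSTS entry
PROTECTED = {"/edit", "/login"}  # paths that carry credentials or changes


def link(label, href, active=True):
    """Render a normal link, or a visibly deactivated one."""
    if active:
        return '<a href="%s">%s</a>' % (escape(href, quote=True), escape(label))
    return '<span class="disabled">%s</span>' % escape(label)


def navigation(secure):
    """Edit is clickable only on HTTPS; each version links to the other."""
    if secure:
        switch = link("Non-Secure", "https://%s/go-open" % HOST)
    else:
        switch = link("Secure", "https://%s/go-secure" % HOST)
    return " | ".join([link("Edit", "/edit", active=secure), switch])


def respond(scheme, path):
    """Return (status, headers, body) for one GET request.

    scheme is "http" or "https" as established by the server itself,
    never taken from a header the client can set.
    """
    secure = scheme == "https"
    html = {"Content-Type": "text/html; charset=utf-8"}

    if path == "/go-secure":
        if not secure:
            # Reached only by an explicit request; reading traffic is
            # never redirected to HTTPS.
            return 303, {"Location": "https://%s/go-secure" % HOST}, ""
        # Browsers honour this header only when it arrives over HTTPS.
        return 303, {"Location": "https://%s/" % HOST,
                     "Strict-Transport-Security": HSTS_ON}, ""

    if path == "/go-open":
        if not secure:
            return 303, {"Location": "http://%s/" % HOST}, ""
        # Clear the entry first, then hand the reader back to HTTP.
        return 303, {"Location": "http://%s/" % HOST,
                     "Strict-Transport-Security": HSTS_OFF}, ""

    if path in PROTECTED:
        if not secure:
            # Server-side refusal: the deactivated link is not the control.
            return 403, html, "Available over HTTPS only. " + navigation(False)
        return 200, html, "<form method='post'>...</form> " + navigation(True)

    # Everything else is read-only and served on both schemes, no redirect.
    return 200, html, "<p>Article text</p> " + navigation(secure)
```

Ordinary HTTPS pages send no HSTS header here, so only readers who clicked "Secure" get the entry.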
The web admin with the above "Edit" link falsifying argument exited the discussion, after I had described this, without commenting on it. Most likely because he noticed, that this would work well, but did not want to accept and admit the consequences of it. This is typical of the behaviour of such fanatics: As soon as they notice, that they can not justify their measures, after a sensible compromise has been shown, which would require acceptance of others, they just run away instead of admitting their errors. Most likely, because they are trying to justify a politically motivated "all with crypto" aim with trumped up pseudo-technical arguments and collapse as soon as these fail real-technical criteria.
Add to this that most people for e-mail have rejected "all have to use crypto" by not doing it. Simply because they did not want the expenditure of it. That would most likely also be the case on the web, but the Redirect simply does it automatically. Reason behind both is because they simply have no interest in something so unimportant to them. Which would most likely also be the case on the web, if it required expenditure.
It remains open whether some, even without any expenditure, would explicitly reject using crypto. This because they do not want to create such a smoke screen, neither in e-mail nor on the web! Especially those who regard surveillance as good would consciously decide against creating a smoke screen. The political success of surveillance measures points more likely in the direction of wanting them and thus rejecting such a smoke screen. Where there were public ballots on such laws, the results went in this direction. This public opinion is getting circumvented by underhanded Redirects. All this without discussion or consent or legitimation, or rather contrary to what is known of discussion and consent! Here we can also expect large dismay and protests as soon as this sabotage becomes known, and with it how they, by manipulating browsers, have unnoticed abused others' data traffic.
The only place where enforced-HTTPS is acceptable would be where other people are really endangered. Such as admin access, where the integrity of an entire site and all its users could become affected. Or at private sites where everyone needs an account, because otherwise internal data could leak out through compromised user accounts.
It becomes mostly irrelevant, where random people can have an account, and only their own data could be endangered. It becomes totally unacceptable where random account-less visitors are only reading a site. (To be avoided is thus, to demand an account just for normal reading. Same applies also for setting preferences, given that cookies suffice for this. Even for publishing data a tripcode can suffice.)
Editing wikis is a borderline case, as it could lead to damage of shared data. But this is simply correctable by going back to the old version; because wikis were once designed for account-less editing, such editing should therefore be possible. Possibly with moderation of such edits by people with an account (should damage there happen too often), or edits only with an account (where too much consecutive damage of an uncorrected edit can happen).
Furthermore it is acceptable with credit cards, where preventing access stands against preventing expensive accidents. (In this case better would though be anyway to get sent a bill to pay, instead of using a credit card, so eliminating credit cards and their misdesign entirely. Or at least secure these with TAN query, which banks are enforcing anyway, and thus eliminate the need for HTTPS.)
(Same also applies to enforced-TLS in mails: Acceptable where accounts are secured, so that outgoing mail servers do not become misused as relays, which can lead to ORBS blockages against them, and thus a real danger that users of them can not send mails any more. Or private mail groups, where internal addresses could leak out. It is totally unacceptable, where random account-less visitors are only sending mails to known addresses on a mail server. (Better here would anyway be to send direct instead of using an outgoing mail server. Thus no danger of blockages and no need for an account nor password nor TLS.))
Consider here further everything about net neutrality. This applies just as much to servers as to routers. Both net and servers are bases for the data traffic user - PC - net - server - net - PC - user. Both must be reliable, so that one can rely on them. Therefore servers should be just as neutral as routers, transfer data without imposing themselves. (This also no matter if web server or mail server or other servers.)
Over 90% of the addressed admins rejected any criticism and continued as before. They also did not help to spread information about the problem. They all received an offer, to go back to "live and let live" as it once was. They rejected this. This because the questioned admins largely showed themselves to be know-alls and fanatics. Plan A has failed and can thus be regarded as dead.
Rejecting criticism included above "go and upgrade" web admin who used extortion, or else lose a circle of colleagues. Arguments that he is repressing freedom, he rejected with the claim, the critics are also not purveyors of freedom! He rejected our demand of freedom (to be able to use HTTP), with the reasoning that we also do not respect his freedom (to on his server allow only HTTPS, thus though preventing HTTP). In this he ignores, that there exist two types of freedom:
On the one hand meaningful freedom, to live as one wants. This applies to them, hiding themselves and for this using crypto. It also applies to us, using old things and thus avoiding crypto. On the other hand dictatorial "freedom", to prescribe to others how they should live (no matter whether deliberately prohibiting something or only knowingly preventing it). Which collides with the first freedom. His idea of such "freedom" would be equivalent to the state prohibiting him the use of HTTPS, followed by rejecting criticism of this by presenting that as their "freedom". His excuse of protecting people can be used just the same by the state. Those who reject such a prohibition should also reject his lame excuse. A colleague who is also an admin, and offers the choice of HTTP or HTTPS, has rated this admin's point of view as "very off the mark". (One may note here also the saying "The Freedom to move one's fist ends there where someone else's nose begins". The Freedom to configure one's server ends just the same, there where someone else's entire lifestyle gets hit.)
His further excuse of "It is my server, I am allowed to do there what I want" is also to be rejected. In this he ignores, that since he offered his server to the public as a service for their communications, and not only publishes there himself, he has given them an implicit promise, to operate it such, that his offer is being fulfilled. In particular he has given all those publishing by him a promise, to deliver their information to all interested readers. This applies to the public in general, no matter who they are, no matter what they use. (An exception would only be, if he gave an explicit offer of only publishing to crypto users, he would then not only be allowed to deliver exclusively to these, but also be obliged to do so.)
His rejecting criticism also included the above statement of not being an "auxiliary" to people who "endanger" themselves. This led to an extreme case, of another web admin's explicit statement of "HTTP is dangerous, it has got to be exterminated!". He claimed also that enforced-HTTPS is standard today, therefore everyone has got to upgrade, so there is no requirement for offering HTTP any more. In this he ignores that the criticism comes exactly from those people who do not want to or even can not upgrade.
This admin even insinuated that the critics possibly have illegal intents. That despite their having repeatedly brought up several of the above legitimate reasons, which he though rejected as "no real reasons", and then because of "none given" speculated on illegal ones! Bonus points, because this contrasts with the usual case, where adversaries of crypto accuse users of crypto of hiding illegal doings. But even such a glaringly erroneous contradiction arises automatically: after they have rejected all arguments as "false", because of a mental blind spot caused by their fear, they treat the result as if "there are none". After this they invent some, turning adversaries of enforcement into adversaries of crypto. (After the first publishing of this text a common reaction of such people was, according to observation of a second colleague, to claim that "no arguments are to be found in it"! That says quite a lot about the blindness of these people.)
Maybe they also don't even manage to notice the difference, because they have so much fear, that they perceive any criticism as an "attack". After all this is a known behaviour of paranoid insanity, to have a "for us or against us" mentality, which regards all who are not part of their party as adversaries. This results in an incapability to distinguish, between neutrals who are only complaining about inflicted collateral damage, and real adversaries who are pursuing them. Including failing to understand the sentence "Crypto is not necessary" as was intended as "Not everyone needs crypto", instead misunderstanding it as "You shall not use Crypto". As I have observed multiple times.
From observing this discussion, a third colleague came to the conclusion, that "crypto seems to have become a holy cow, which may not be questioned". I came from reading this to the conclusion, that these web admins actually have become security fundamentalists. Just instead of religious fundamentalists going from believing in their view of god as despot, to dogmatic dictatorship of their laws, here going from believing in their view of the state as a danger, to dogmatic dictatorship of their crypto. I came also to the conclusion, that their behaviour actually is that typical of moral guardians. Just instead of from fear of god, a no-sex teaching and demands for prudery legally enforced, here from fear of the state, a must-crypto teaching and demands for updates technically enforced.
Bonus points for above extremist using extortion, who forces such moral teaching via a position of technical power onto others, but then condemned the use of social pressure by victims defending themselves, after they made public his acts! When I pointed out this contradiction, he simply left the discussion, instead of admitting his error. Again the typical behaviour.
One can only deduce from all this, that these admins want to have it exactly how it currently is. They have the power position to enforce this, and assume they have not to consider anyone else. So they lead an extermination war against HTTP users, and the uninvolved victims get ignored.
They also believe they can afford to reject entertaining any arguments. They only discuss as long as they believe they are able to push through their position. But when they lose a discussion, they simply exit and run away. Repeatedly observed behaviour. Exactly the behaviour of propagandists, who want to justify their form of dictatorship, but do not discuss constructively. Most likely because fanaticism does not allow any compromise, so also does not want to help in constructing any.
It is though also the behaviour of people whose feelings of guilt have been awoken, who then deny themselves, from fear of having to face their fears. And also the behaviour of cowards, who do not engage in an honest battle, but prefer to hide themselves and strike from hiding. Which all also fits with their overblown fear and the regression from it.
Ultimately the entire dispute amounted to value systems, which totally collide. They "must" protect people, letting those "endanger" themselves is unacceptable. After all they are followers of the "only true" security of HTTPS, thus rejecting any "heretical" openness of HTTP. But others require HTTP for its openness, demand tolerance of it, rejecting this with enforced-HTTPS is unacceptable. Between their politically "necessary" closedness and others technically necessary openness no compromise can be found. Which is why this conflict will only be solvable by rendering them harmless.
(Note: Parallels of these web admins to the DUL mail admins became visible: Those were for more than 10 years informed about its damage, that because of DUL legitimate mails are systematically going lost as "spam". By which both the senders who send direct lose, as do also the receivers on their servers. Such disputes resulted also over 90% in rejection and demands, that users "should go and adapt themselves". Even just allowing receivers, who recognize their loss, to switch off such defective filters on their mailboxes, was denied. "Reject without testing content" DUL applies to all, no matter the damage. Same as enforced-HTTPS applies to all, no matter the damage. Comparable was also the "we know it all" snobbishness of the mail admins. The difference was only, that DUL was circumventable, even if with annoying work. Which is why that did not result in a campaign like this one. (Which though now is being made up for, utilising this occasion.) Why also the similarity with the web admins quickly become obvious, and Plan A already given up after 2 years of 2017 and 2018. Followed by in 2019 developing Plan B and from 2020 spreading it.)
In this especially aim for people, who are in a position to push through an opening up. Such as web site owners, who have acquired such admins as staff, are being deceived and sabotaged by them. One can thus counter the admins technical power position with a commercial power position, where they must show consideration, because of their income depending on it. They can then only reform themselves or leave. Whichever of these, they will not be doing any more damage, so have been rendered harmless.
For this spread information regarding the hidden deeds of these admins. In particular describe their effect on their victims, to thus show why it is so unacceptable. At the same time also distribute arguments against their views and statements. In particular show how their dictatorship stands against freedom. For this exists this campaign and web site.
This all sounds in some respects like a bad dystopian future SciFi film, with a totally overblown situation and storyline. It is not however a speculative invention, but the actual situation of today's Internet, with real victims, who in the meantime are suffering massively, because paranoid insanity and thoughtlessness have struck. The greatest difficulty will be, to convince people, that such is really happening, that the Brave new World of the Internet is for the first time showing large cracks, which no one is expecting, because of no visibility. But here a new group of powerful bureaucrats has come into existence upon which people are by now dependant. But some/many of these lack a fitting responsibility at handling a power position and also lack the ability to handle criticism.
The tests further down exist, so that one can determine where and how much this really is the case. One can also expect, that at least the group of fanatics will completely make an exhibition of themselves, when confronted with criticism, as they have already repeatedly demonstrated. This because of being incapable of accepting such. They can after all not accept anything, which runs counter to their views, so can not take it up, nor take into account the consequences of it. Which is also why they do not notice how much they are shooting themselves in their own foot. (The only thoughtless admins will in comparison just be totally confused, because they lacking observance have up to now not noticed anything.)
Basic here is, that there only exist two ways in life, friendship and cooperation, or enmity and fighting. Friendship avoids losses and suffering, is therefore to be preferred where possible. This leads to the known approach of "live and let live", and so to tolerance. From this arises civilisation and so a living better than in barbarism. This leads to the evolution of cooperation, and that to respect towards others. Central rule of civilisation is "treat others the way you want to be treated by them". Even sufficiently intelligent egoists recognize, that such behaviour is in their own long-term interest, because it saves more on avoided losses, than it costs in forgone profits.
This requires however that both sides take part, both recognize this precondition and respect each other. Where one side does not take part, the second side must also forgo it. Otherwise they are left with the costs of forgoing and despite these also losses from the other, up to being destroyed. This they want to prevent. Which leads to the well-known attitude of "be tolerant with all except with intolerance". From this follows acting selectively. Central rule against barbarians is "treat them the way they treated you." Only insufficiently intelligent egoists fail at recognizing the consequences, destroy inconsiderately and get destroyed. This also applies to all those who, mentally blinded by panic fear, have become selectively stupid.
When only one side thus steps out of line, conflict and enmity arise, which has now happened here. The attacked can only choose between giving up or defending themselves, whichever leads to less loss. Without a fight the result here is guaranteed going under. The attacked do not want this, need open Internet, but are not getting such from the dictators. Their fanaticism destroys, because it can not be tolerant. It has therefore got to be eradicated, same as any other barbarism. It offers no mercy, so it also earns none. Resistance is thus unavoidable, a fight of liberation to stop the disturbance, only after which peace will once again be possible.
For this the resistance can only use what has remained usable. A further limit can still come from how far one is prepared to go to achieve one's goal. Some are not prepared to fight, because using force is "bad", but such leads to going under. Some tip towards the other side and then become unlimitedly aggressive, which also harms. And the latter scare off the former, making it even worse. Strategy should be therefore to proceed selectively, with force against attackers, but none against others.
Extending above friendship and cooperation or enmity and fighting, from binary "either/or" to analogue "as far as the attacker went", allows quite a bit. With attackers who went up to guaranteed throwing out of the web, including pushing to the side of society, unless one can and wants to update, this justifies defence going up to threatening with loss of their jobs, unless they recognize and accept tolerance.
As in any fight this will cost losses, on both sides, but that is for the attacked less bad than going under without defensive fight. This is why barbarism is bad, because it only leaves bad or worse as a choice. One should therefore avoid thoughtlessly starting a fight. But when one has to do with fanatics who attack, one has no other choice than to take the lesser evil. Only from this there still exists war, despite the majority not wanting it any more, because stupid perpetrators of violence fail to recognize this. (Which is why the circumventable DUL mail admins did not trigger a campaign like this, only the enforced HTTPS web admins made such necessary.)
We are thus now organising an alliance, to build up public pressure on the fallible web admins. This by informing their employers, showing them their losses of readers and potential customers. (Also with DUL mail admins their losses of senders and potential customers.) After which these will, from their own interest, help us against a common target. With this we can render both fanatics and thoughtless harmless, no matter if by informing the latter, or reforming or simply eliminating the former.
Aim is not to destroy the enemies, but just to render them harmless. Aim is not revenge, but defense to end their attack. For this one only needs to destroy the paranoid insanity or the false teaching, which has overtaken them, thus free them from these.
To achieve that, one can by spreading knowledge bring some to insight and turn them around. This works especially with those, who only acted thoughtlessly, followed a "This is how one does it today" teaching, but now recognize its fallacy. Perhaps even some, who believed in it, but after seeing the damage caused recognise and turn around. Which is why we are informing all, to reform them where possible.
Only those who are too corrupted and thus refuse to recognize, should then be removed. Possibly confrontation of being given notice will bring some of them to their senses. Be that only after experiencing a repeat at a new job. Or even multiple times. Or even, after the problem becomes widely known, already failing whilst looking for a new job. Or even this also repeatedly.
Some remnant of unsavable broken fanatics is to be expected. Those who even after not finding a job any more, do not want to give up, despite destroying themselves. Some extreme fanatics will regard themselves as unjustly persecuted "holy" saviours of the world, who will never capitulate before the "evil" openness, preferring to sacrifice themselves in a fight against it, until they lay destroyed on the ground.
No matter which happens, reforming or eliminating, the latter temporary or permanent, or whatever else they need specifically, the target aimed for can be reached in any case, that the web becomes again usable for all, no matter what those can or want to use for this.
Advancing is thus selective, against all who on their sites use an enforced-HTTPS Redirect. They will though be forgiven as soon as they see reason, become repentant and open up by allowing HTTP again. This as a permanent offer of peace, open to all who turn around and stop their attack, with living in friendship again then becoming possible as the better situation, instead of continuing in enmity. Here also applies: back to "live and let live", better late than not at all. With this we offer all an escape from conflict, as soon as they stop attacking. The tests further down can also be used to recognize who has changed sides, or was simply replaced.
The target is reached when the situation has been reversed and enforced-HTTPS has fallen from above 90% to below 10%. (Same as happened with DUL in 2015.) The measure used is when an average search engine request brings this share of HTTP links, which also function as such, according to the Telnet Test further down.
From this unrealistic fear came their attack against completely uninvolved web users. These, having become victims, are now defending themselves and want to reverse this situation. We can for this show up the fanatics as the real "bad attackers" and the thoughtless followers as ignoramuses. This will end whatever sympathy for them that exists. Thus the crypto fanatics will fall, from having a bit of sympathy to their victims gaining far more of it, the situation becomes reversed.
For this we can exploit, that they inside their group have mainly scared each other. The external world has received little of this, has not become infected by their fears, has not become prejudiced by this, is only unknowing. Thus we can now aim at informing externals, so build up resistance on neutral ground. This campaign is thus consciously aimed at general public, not at professional people, of which many have failed. The fallible web admins will thus get discredited, when their behaviour and statements are laid open, followed by getting confirmed by collisions with the fanatic section of them.
Against this procedure they have no defence. As a movement they have no coherency, can not recognize and revise their errors. This because they in the end have the same progression as a horde of zombies, just that they are infected by fears instead of bites. They have no ability to take in criticism when they meet such. This combined with running away, after losing an argument, leads to no feedback into their echo chamber. That prevents them from, in their own interest, warning others on their own side. They from this have no contingency planning, can not now make an ordered retreat, neither a tactical one, nor an advisable strategical one.
This is also most likely why Plan A failed, because of the fanatics' incapability of communication, both externally and internally! Thus remained only their propaganda, built up over years, whilst the complaints of the victims went unheard. So the thoughtless were not warned either, which would have partially defused the situation. Thus comes now Plan B, with all of its consequences for them.
The resistance will now proceed planned and organised. It only has to catch up with them. For this to succeed, it just needs to inform the large masses of decent but unknowing people, so get them to act against the fallible web admins. This including informing the mostly also decent web content producers, since these also belong to the losers. Some of whom also directly or indirectly employ and pay the web admins, for this expect fully functional servers. This employment can now be utilised, to reform the admins or simply to eliminate them.
Without coherency they have no chance to develop an own Plan B. Which is why it is just a question of time, until we will have caught up with and overwhelmed them. For this to occur I expect, due to the messed-up situation, which has about 5 years of development behind it, a comparable 5 years. More precise following in 2013 their trigger Snowden, from in 2015 first large web sites affected, to 2018 arriving at 90%, I expect here in 2020 my trigger, from in 2022 first large successes, to 2025 arriving at 90%.
(Addendum 2023: But then, just as I was ready to in 2020 commence with spreading, Corona intervened and dominated society and press for years. After that was over, rest 2022 and early 2023 were filled with personal problems. Mid 2023 the SPF security overreaction from mail admins is striking, ideal timing to pursue this again, given that both come from the same admin misthinking.)
But the reverse can be misleading! Even without a Redirect the browser itself can return to HTTPS, because of an HSTS entry set, especially when modifying from https:// to http://. Against this effect one can only use a guaranteed unused browser, or at least one that by guarantee was never used on this specific site, in particular also not by modifying https:// to http://! This is simple to do, but it remains uncertain whether the browser really is unused.
For this one needs a program, which can use the Telnet protocol (an old remote login method). Such a program may have the name "Terminal" or some variant on this. In this program one must enter as Host or Server the name of the website (that which is in the URL after the http:// but before the third /). As port enter 80 (HTTP web traffic). If the program has an option for automatically closing or remaining open after connection ends, the latter is to be selected.
After connecting there is no output from the server (but the Telnet program may add some of its own). One can then manually type HTTP protocol (the dialog that browsers use to order specific pages from web servers). For this simply enter the line "GET / HTTP/1.0" (all between the "", but without these, there are spaces before and after the first /, but not before or after the second) and then Return. Followed by the line "Host: <WebSiteName>" (again without the "" and with <WebSiteName> replaced by the same name used above at Host, with space after the : but not before) and then a second Return. This followed by an empty line, by just a third Return. The web site name is thus needed twice: the first tells Telnet to which server to go, the second tells the server which web site one wants from it. (A browser does both automatically, but Telnet makes no such assumptions.)
What follows after this input is the server's output, something that can scroll by for quite a long time with a larger home page. This is followed by automatically closing the connection, therefore if possible select the above remaining open option. After scrolling back up to the top of this output, one can evaluate its beginning. More precisely, evaluate the first block of lines, those before the first empty line, these being the server's answer (with all that comes after the empty line being the actual page content). If the first line is "HTTP/1.1 200 OK" (or with 1.0 instead of 1.1) this is provenly an open server, which has just given a valid page (the possibly large jumble of data after the blank line).
Should it have "HTTP/1.1 301 Moved Permanently", one has to further evaluate the short rest of the first (and only) block. Important for this is the line which begins with "Location: ". If this, despite ordering HTTP by using port 80, has a https:// URL to the same server in it, then the server is provenly closed. Because that is the underhanded Redirect of enforced-HTTPS, for detouring to HTTPS!
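The Telnet test above can also be scripted. The following Python sketch is an added example, not part of the original text: it sends the same three lines and applies the same evaluation to the first block of the answer. The function names, the sample answers (constructed, using example.org) and two generalisations are assumptions of this example: redirect codes other than 301 are treated alike, and a leading "www." is counted as the same server.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample answers (not captured from any real server).
SAMPLE_OPEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               b"<html><body>home page</body></html>")
SAMPLE_CLOSED = (b"HTTP/1.1 301 Moved Permanently\r\n"
                 b"Location: https://www.example.org/\r\nContent-Length: 0\r\n\r\n")
SAMPLE_MOVED = (b"HTTP/1.0 301 Moved Permanently\r\n"
                b"Location: http://new.example.net/\r\n\r\n")

# Assumption of this example: all redirect codes are evaluated like 301.
REDIRECT_CODES = (301, 302, 303, 307, 308)


def build_request(host):
    """The three lines typed by hand: request line, Host line, empty line."""
    return ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host).encode("ascii")


def fetch_head(host, port=80, timeout=10.0):
    """Connect to port 80, send the request, read until the first empty line."""
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(build_request(host))
        while b"\r\n\r\n" not in raw and b"\n\n" not in raw:
            chunk = conn.recv(4096)
            if not chunk:
                break
            raw += chunk
    return raw


def parse_head(raw):
    """Return (status code, headers) from the block before the first empty line."""
    text = raw.decode("iso-8859-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def normalise_host(name):
    """Lower-case a host name and drop a leading 'www.' (assumption: same server)."""
    name = (name or "").lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def classify(host, raw):
    """'open' for 200, 'closed' for a redirect to https:// on the same server."""
    status, headers = parse_head(raw)
    if status == 200:
        return "open"
    if status in REDIRECT_CODES:
        target = urlsplit(headers.get("location", ""))
        if target.scheme == "https" and \
                normalise_host(target.hostname) == normalise_host(host):
            return "closed"
        return "redirect-other"
    return "other"


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; for a live test use
    # classify(name, fetch_head(name)) with the web site name.
    for label, host, raw in (("open sample", "www.example.org", SAMPLE_OPEN),
                             ("closed sample", "example.org", SAMPLE_CLOSED),
                             ("moved sample", "www.example.org", SAMPLE_MOVED)):
        print(label, "->", classify(host, raw))
```

Because the script talks to port 80 directly, no browser and thus no stored HSTS entry is involved in the result.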
Once one has the server name, one can test in a similar way as for a web site. Just with port 25 (SMTP mail traffic) instead of 80 and with manually typing SMTP protocol instead of HTTP protocol (the dialog that mailers use to send specific mails to mail servers). For this it is best to send oneself a test mail, instead of downloading a home page.
In Telnet enter the line "HELO <Mailserver>" (again all between the "", but without these, after the HELO a space and as <Mailserver> the host name of one's own computer, or if it has none simply the one of the mail server). Then "MAIL FROM: <Mailaddress>" (without "" and as <Mailaddress> one's own address, as one is sending it). The < and > of the mail address are by the standards not needed, they are only to separate possibly added names from the address, which the sending mailer should actually do. Most mail servers to be safe also split these off. But some misconfigured ones even fail without them! Then "RCPT TO: <Mailaddress>" (this one the target address, when testing one's own server also one's own address).
After connecting and after every input, the server should answer with one or a few lines. The last one after connecting should be "220 MailserverName and so on" and after that always "250 something or other OK". More generally all numbers in the 200s at the beginning are acceptable. If one gets to an OK after the RCPT TO: the server is provenly open, and one can then send "Quit" to abort, without actually sending a mail. But if one sees a "550 A TLS connection is required" or comparable, then the server is provenly closed. Because that is the demand from enforced-TLS blocking.
(If one sees a number in the 500s, often 554, with a message something like "Service not available" or "No SMTP service" or "Not authorized" or comparable, despite this being a provenly functioning mail server, this is a good indication that one has one of the remaining mail servers with DUL in the "reject without testing content" form. The same applies with a URL in the error message, which is a sure sign, because this is often done by DUL to "justify" the deliberate failure, but very seldom with real technical errors such as unknown user or disk full.)
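The mail server test can be scripted the same way. The following Python sketch is an added example, not part of the original text: it runs the HELO, MAIL FROM and RCPT TO dialog on port 25, aborts with QUIT before any mail is sent, and applies the evaluation rules given above. The function names, the result labels and the sample dialogs (constructed, using example.org and example.net) are assumptions of this example.

```python
import re
import socket

URL_RE = re.compile(r"https?://", re.I)
# Message fragments the text above names as typical for DUL rejections.
DUL_HINTS = ("service not available", "no smtp service", "not authorized")

# Constructed sample dialogs: (command typed, answer lines); None = greeting.
DIALOG_OPEN = [
    (None, ["220 mail.example.org ESMTP"]),
    ("HELO pc.example.net", ["250 mail.example.org"]),
    ("MAIL FROM: <me@example.net>", ["250 2.1.0 OK"]),
    ("RCPT TO: <me@example.net>", ["250 2.1.5 OK"]),
]
DIALOG_TLS = DIALOG_OPEN[:2] + [
    ("MAIL FROM: <me@example.net>", ["550 A TLS connection is required"]),
]
DIALOG_DUL = [
    (None, ["554-mail.example.org",
            "554 Service not available, see http://blocklist.example/why"]),
]
DIALOG_UNKNOWN = DIALOG_OPEN[:3] + [
    ("RCPT TO: <nobody@example.org>", ["550 5.1.1 User unknown"]),
]


def read_reply(fh):
    """Read one answer; 'NNN-' lines continue, 'NNN ' marks its last line."""
    lines = []
    while True:
        line = fh.readline().decode("iso-8859-1").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return lines


def run_dialog(server, helo_name, sender, recipient, timeout=15.0):
    """Type the test dialog on port 25 and abort with QUIT; no mail is sent."""
    commands = ["HELO %s" % helo_name,
                "MAIL FROM: <%s>" % sender,   # written as in the text above
                "RCPT TO: <%s>" % recipient]
    steps = []
    with socket.create_connection((server, 25), timeout=timeout) as conn:
        with conn.makefile("rwb") as fh:
            steps.append((None, read_reply(fh)))
            for command in commands:
                if not steps[-1][1][-1].startswith("2"):
                    break                      # server refused, stop typing
                fh.write(command.encode("ascii") + b"\r\n")
                fh.flush()
                steps.append((command, read_reply(fh)))
            fh.write(b"QUIT\r\n")
            fh.flush()
    return steps


def classify_dialog(steps):
    """Apply the rules above: OK after RCPT TO = open, TLS demand = closed."""
    for command, reply in steps:
        code = reply[-1][:3] if reply else ""
        text = " ".join(reply).lower()
        if not code.isdigit():
            return "inconclusive"
        if code.startswith("2"):
            if command and command.upper().startswith("RCPT TO"):
                return "open"
            continue
        if code.startswith("5"):
            if "tls" in text:
                return "closed-tls"
            if URL_RE.search(text) or any(hint in text for hint in DUL_HINTS):
                return "dul-suspected"
            return "rejected"
        return "inconclusive"                  # e.g. temporary 4xx answers
    return "inconclusive"


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; for a live test use
    # classify_dialog(run_dialog(server, own_host, own_address, own_address)).
    for label, dialog in (("open", DIALOG_OPEN), ("tls", DIALOG_TLS),
                          ("dul", DIALOG_DUL), ("unknown", DIALOG_UNKNOWN)):
        print(label, "->", classify_dialog(dialog))
```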
Anyone who has an own web site, can obviously free it from enforced-HTTPS, should it be one of the many affected by this. Doing this one already is not contributing any more damage to the victims, is only neutral, or even better helping.
Independent of the above being the case, one can place links on one's site and so spread knowledge of the problem. Doing this one can inform others, who can open up their sites and also spread the information further. Even if one can do nothing other than spreading information, this helps reach out to others, who may then effect more. Thus spreading information is of utmost importance, because the wider the problem becomes known the better. Only so can we counteract the viral meme of fearmongering with a fitting viral meme of informing. The biggest strategic mistake is to give up, because that guarantees having no chance and thus losing, while attempting always has a chance no matter how small it may be.
This also applies if one's own web presence is only a social media site on a Web 2.0 platform. A site which will very likely be affected by enforced-HTTPS. (Bonus points, if one reaches that site's operators and corrects them.)
Those who like icons/buttons for links to action websites can download one here:
(For those who do not like PNG bitmap icons/buttons and want to draw their own ones: The official definition is: 2 lines of text "SAVE" and "HTTP", all in capital letters, colour green on black, font any monospace (that is with all characters same width), double as high as wide (here 8x16 pixels, the 4x2 characters so give 32x32). For the actual icon add left and right 1 blank, plus top and bottom a half one (gives then 48x48). For the button add same amount of gray 2/3 bright (#A0A0A0) (gives 64x64), with outside 1/4 of it (here 2 pixels) of bevelled edge (left and top white, right and bottom 1/3 gray (#505050)).)
Additionally one can write their own texts. These with their own arguments. Or even just opinions or assessments of other texts they have read. All of which adds more relevance, by showing that this is of interest for more than just one person.
Such texts can also consciously point out or extend partial aspects of the problem, which are of importance to the writer. Alternatively simply shorten an article, to what the writer considers important. Or add new aspects that are unknown to me. Or use other media than text, applying all forms of protest, which are used to combat right extremists or left extremists or religious extremists, because here against comparable crypto extremists.
This basic text is consciously written to be all encompassing, to produce a "Buffet" of all. It is therefore ideal for others to link to, for all which they may leave out, this basis then delivering further reading material to consolidate. That also applies with the others acting as alternate introductions, or even recommendations of specific points with alternate reading order.
Even those who have no web site, can spread knowledge of the problem. For this use e-mails, or whatever one uses to communicate. In these this text can be linked. Again spreading information is the most important aspect.
Even outside of the net one can still help, in the form of a printable flyer, directly given to others or for display at events. A flyer is available here, in HTML or PostScript or PDF formats. Or one may even make one's own flyers. (The first publishing of this text was with above flyer displayed at a retro computing event late in 2019.)
All these co-affected also have an interest to proceed against this problem, if they knew it. Some also have a position where they can exert pressure against the admins. In contrast to the surfers, who are usually defenceless against their loss. Employers are thus the main targets for spreading above knowledge of and correction for the problem.
Their damage hits various widely scattered victims. This problem thus addresses all, no matter if right wing press, which traditionally criticises abuse of power by left wing bureaucrats, or if left wing press, which traditionally criticises greed by right wing bureaucrats. Here there are web admins, who being bureaucrats are misusing a technical power position, instead of a juridical or financial one. Apart from this they are exactly like both above groups. These admins are even doing this of their own accord, without any order from politics or management above. It is thus irrelevant whether in state or economy, because they do it as a self-willed and high-handed action. So this topic is of interest for both right and left wing press.
(The web admins themselves also scatter from right to left, which does not get them a bonus from either side. If anything characterizes them, then it is loud anti-authority rhetoric, but combined with contradicting heavily authoritarian behaviour, which also can not gain them a bonus from either side.)
Add to this, that a journalist is unlikely to want to ignore something new. This is the sort of big story of which every journalist dreams, to uncover one for once. But denouncing this, whilst possibly their own web site is doing it, would be a self contradiction, which directly touches their credibility. They will thus have an interest, to check whether their publications are affected by this problem. If yes, they will want to correct this, and doing so will very likely collide with such admins. By this they will make their own personal experiences regarding their reactions, some fanatical, some simply thoughtless. This false behaviour striking visibly so near to themselves, will bring them to react against it.
Also the editors and publisher behind them will not like the loss of turnover and profit, any more than the rest of the economy. Add to this, that it not only hits their marketing but their product itself. And they are under pressure, to bring something new like this as first, not only as johnny-come-lately, which requires fast elimination of blocking admins. The press can thus not only open up their sites, but also spread knowledge of the problem with conviction.
The contradiction will also apply, rejecting such behaviour, but their site is doing it. The owners of blogging platforms will also not like it, as their income from page views gets reduced just as much, by throwing out readers. Here again, they can both open up their sites and also spread knowledge. Blogging sites are more likely open than many others, although in the meantime also nearly all of them are affected. (The same applies also for wikis, for page editors and platform operators, also nearly all affected.) (Same applies for web comics, for creators and readers, also nearly all affected.)
But this will most likely work the least well, seeing the demonstrated lack of mercy towards other people on part of the fanatics. Especially as some of them have already proven willingness, to sacrifice their own reputation, or even to lose their friends, for something so "important". This could though, after the problem becoming widely known, still become too much for some of the fallible admins. Up to now they could wipe it under the table as a minority problem, but less so when a larger part of the public turns against them.
At least this effect can reach all those web admins who only acted thoughtlessly, following a "This is how one does it today" teaching, but now noticing its error turn around. Some who believed in it and, convinced, took part, may perhaps change sides, after seeing and understanding the damage they have caused. The same applies for some professional authorities, who uncritically spread the fanatics' teachings and have recommended these as "best practice". The same applies to web software designers, who recommended such configurations to the admins, or even without asking slipped such to them underhandedly. Same to security departments, which have prescribed such.
Some will then fear, that the state could use this opportunity for a counterstrike, when enough of the public mainly associates crypto with "protection" against supposed "dangers" and not with protection against real crimes. Or even worse, instead of merely regarding it as uninteresting, come to see it as fanatic or at least dictatorial. After which adversaries of crypto in the state could organise themselves, to exploit the situation, in this not only demanding also-open, but enforcing only-open.
No matter if this would be full prohibitions of crypto. Which is though actually not to be expected, because encryption does have legitimate uses, such as securing critical passwords and credit card numbers. Or if this would be only a prescribed systematic MitM measure to undermine crypto. Which is also quite unlikely, because comparing signatures to verify servers also has legitimate uses, such as uncovering MitM attacks, which try to underrun crypto.
A more likely measure would be, to force server operators to open up "back doors" for the state, allowing it access to the transferred data. Which does not prevent protection of credit card numbers and passwords (these can be selectively replaced with XXXX, as on receipts), but still gives the state what it wants to have. The crypto fanatics would though thus lose what they want to have.
This could be done, with crypto because of sabotage declared as mostly illegal, with offering it only legally allowed if servers are operated with back doors. (Which presumably will only apply to crypto for encryption, which the state wants to get rid of, not to crypto only for comparing signatures or authentication, which does not disturb it, if anything helps.) This followed by forcing compliance with this by blocking net access. Thus all profit oriented Web 2.0 mass providers will comply immediately. Less critical sites will perhaps even simply eliminate HTTPS entirely, to avoid the work for and risk from back doors. (Do not forget to first clear any HSTS before redirecting to HTTP, else users will be locked out.)
Only small activist providers will resist such law, which though produces far less smoke screen. These providers become thus recognizable and prosecutable, short time active but as soon as well known gone again. Normal people will not use such unreliable sites, which will reduce the smoke screen even more. The most likely to survive then are inconspicuous sites for small closed groups. Normal people will not find nor use such hidden sites, only activist cells or criminal gangs bother themselves with such. That will exactly focus the state on both of them, and distance normal people further from them.
The above disparaging is assumedly already aimed at laying a base, to legitimate such a law. The state could now exploit this opportunity, to make such a non-concealable measure acceptable to a majority of the population, as soon as enough normal people regard the supporters of crypto not just neutrally as peculiar, but reject them as saboteurs or even fanatics.
Add to this also part of the populace, which will be pissed off. Feeling exploited, because of the unasked for underhanded redirect to abuse their data traffic for building up the smoke screen. This against all known public opinion. For politicians this makes enacting of laws against it easy.
All of this happening is far more likely, than the micro danger from spying should one use HTTP. And the latter already suffices, to drive many crypto fanatics into insanity. After which crypto users may start to fear the loss of what they believed to have for sure. This exactly because of the involved people's massive overblown fear-based way of thinking! This will especially hit the fanatic web admins fully, as for them crypto is so important because of fear, that they want to force it onto all.
From this threat of losing it can come new fear, and get some to turn around and open up their sites. Followed by striving, to get others to do the same, to reach the target of getting enforced-HTTPS web sites to below 10% fast, to reduce the problem getting known, and so fend off the threatening loss. A reversal which will scatter doubts, will divide the movement, break the up until now solid internal group dynamic of confirming one another's fears. The more recognize this danger and turn round, the more of them will scatter. This will result in a reverse feedback loop, which hits increasingly, as an exact reverse of the internal group dynamic, which spread the insanity. Fear meme directly against fear meme. This can thus become very effective. (Addendum 2023: Crypto users have entirely failed to take this text seriously and spread it among themselves, have thus lost this chance, despite Corona giving them more time.)
Add to this here also a populace, which will be partially pissed off. Be that feeling cheated, because of the expropriation from behind. Or because of the misuses as smoke screen against measures they wanted. Or just having enough of security measures, which too often unnecessarily harm more than the "dangers" that they are supposed to prevent/reduce. Or maybe simply take this as occasion, to express their uneasiness, regarding being ever more dependent upon invisible people, over whom they have little or even no influence, and whose behaviour too often does not coincide with the interests of users. For politicians this makes enacting of laws against it attractive, in the fight for votes.
As part of this enforced-HTTPS could be recognized as discrimination against the life-styles of various types of HTTP users. Followed by placing under official prohibition above criteria where enforced-HTTPS is unacceptable. Or even extend demands of net neutrality to servers, transfer data without imposing themselves. With thus prohibition against any enforced requirements which go above minimal technological functional necessity or system integrity. This is normally the case with all other infrastructure and can also be here. Facultative securing may be offered, but only if the user demands it by an explicit action (such as clicking on a "Secure" link), and only if they can also unsubscribe it (with "Unsecure" link).
(Same could also happen to enforced-TLS, placing under prohibition where it is unacceptable. Or even because of preventing sending direct expand prohibition to using the "reject without testing content" form of DUL. Or even, because of preventing mail loss, further to using any IP addresses or host names or other meta data based techniques, including SPF. Or even also demand net neutrality of servers, with thus prohibition against any enforced spam filtering imposing itself. Facultative filtering may be offered, but only if the user explicitly orders it, after receiving honest description of loss risks of offered variants, and if they can also unsubscribe it.)
Those who complain, should this happen, that once again freedom has been reduced by regulations, and then claim that personal responsibility is better, do have a point. But they should also consider, that such large words should be followed by fitting deeds, to accept this responsibility, else only irresponsibility results. In particular they should not just use such as an excuse to hide egoism behind! These can now only go and complain to all those, who have once again delivered a great demonstration, of how much personal responsibility has failed, at least by them. By which they have worked into the hands of all those, who want to regulate something as socially important as the Internet. This first large scandal of the Internet could easily become its Titanic case.
Those who don't want this, can perhaps still try to prevent it. This would require a counterdemonstration of "just in time" recognizing the problem and opening up again. This could help, to convert some web admins (and possibly also mail admins), who do not want to work under such regulations. Further also get those to exert themselves, to turn others around.
First excuse will surely be, that they have done everything correctly, so as it "should be". This is a standard method of such people, to regard what they believe in to be the only correct way, thus redefining everything that contradicts it as false. Here also applies the universal behaviour of "good ones", who are only so according to following external rules, instead of from true inner goodness. Thus they fall quickly into badness, as soon as their rules allow it or even demand it. But continue to regard themselves as good, because they are following their rules. All criticism is thus rejected as "not justified", according to their rules. This also a standard method of failed bureaucrats. Here one can answer, they should have noticed, that others regard other stuff as right.
Then surely comes, that they just wanted to make the net more secure for all, to protect people. This is also a standard method, to distract from bad effects with good intentions, no matter what the actual consequences for others are. This goes up to the old known "the end justifies the means" as their most extreme excuse. Especially politically motivated behaviour is very susceptible to this. It happens so often, that "the path to hell is paved with good intentions" in the form of "he had good intentions" has become a standard criticism in form of false praise. Here one can answer, throwing someone out is far more damaging than the threatening micro danger, "protection" which harms more than it protects is no such.
Then just as surely comes, that they did not know, that they were causing damage. Here one can answer, that not knowing was initially acceptable. Nobody can know everything, that is biologically given. It follows though from this, that no one can know if they cause damage! One should correspondingly advance with caution, as part of this consider whether something could cause damage, as often happens with security measures. One should thus especially pay attention to complaints, that something causes damage. To react to such with rejection is simply unacceptable. At the latest after being warned guilt ensues, and they become perpetrators and the affected victims. Such rejecting, instead of accepting, exposes the "protection" as a lame excuse.
Further excuse surely comes, that this is today's state of the art, one does it so, or even this is expected so. This also a standard method, to distract from detailed effects using generalities. Up to the old known "done exactly as commanded", which is though totally unscrupulous. Here one can answer, that technology should serve the users, as they want or even need it, and not harm them. This may be followed by them claiming, that this is recommended procedure. Then one can answer, they should not any more respect professional authorities, who have inattentively taken up a teaching and uncritically spread this, which harms users so badly. (These authorities will either recognize their errors and want to distance themselves from these, so effect a reversal, or become unbelievable, so at least not spread this any more.)
Another excuse to be expected is, that HTTPS is necessary, to prevent accidents which would happen if it also works without. This is also a standard method, to distract from one damage, with wanting to prevent another damage, and presenting the latter as more important despite it being the lesser. Here one can answer, such accidents are also preventable with less dramatic methods. Simply having no function-critical edit links nor credit card links without HTTPS suffices for this, plus offer HSTS for direct to HTTPS where it is wanted. Perhaps thereafter comes a further excuse, that this would require work, to rebuild and extend the web site software. Here one can answer, this is only a small amount of work, and laziness is not an acceptable reason for excluding some people entirely from the web.
Also surely comes, that this is "essential" security, thus "it has to be so", despite being irrelevant for way over 90% of all people for over 90% of their web traffic. This statement comes directly from their fears, which is why they consider it as absolutely important. After all crypto has exactly because of this become a holy cow for them. Here one can answer, that it is the user's decision, how much and which type of security they want to have and what price they are willing to pay for it. If they consider it as unimportant or too expensive, they should be allowed to live without it. That is essential freedom. Denying them this, instead of accepting their will, exposes such "protection" as fanaticism.
Surely they will often repeat, that we should "go and upgrade", followed by statements, that there is then no problem, only those who "offend" against this have such. Given that this was already repeatedly brought up during Plan A. This is also a standard method, to preach their moral teaching, as a case of the old known "it only hits sinners so it is not a problem". Here one can answer, no one may demand from others, that they must live according to someone else's moral views. Everyone should respect, that others also have freedoms and they are allowed to live accordingly.
Also surely they will often repeat, that we are supposedly adversaries of crypto. Again this was often used during Plan A. This is also a standard method, to distract from criticism by shooting down a straw man. Here one can answer, that we do not reject cryptography or HTTPS as such, as these have justified uses. We only reject enforced-HTTPS, because that prevents living our lives. We neither want all-crypto nor nothing-crypto, we want to be able to choose what to use. They may have crypto, and we may be without. We are not adversaries of crypto, but avoiders of crypto. They are not only supporters of crypto, but also fanatics of crypto.
They sometimes go to an even lower level and simply defame us as stupid and/or ignorant. This was also often used during Plan A. This is also a standard method, to distract from criticism by not taking critics seriously, up to even mocking them. Here one can answer, that such attacks on a person clearly show up, how much they are lacking in effective arguments. (After the first publishing of this text a common reaction was, according to the description by a colleague, to treat this all as a "joke intermezzo of a backwards Swiss entirely without a clue". Perhaps these mockers should remember, that the Swiss have a long tradition of fighting for freedom, which includes toppling overinflated regents from their high horses.)
Even more surely will come decrying this as an "attack", at the latest when they start being hit by job losses. This is also a standard method, to blame the victims after these defend themselves. This is the thinking of every ruler, who regards the rebellion as guilty, also every system that degenerated to dictatorship, which regards the resistance as guilty. This especially because they do not recognize their own actions as an attack, and thus see the victims' counterstrike as the first. Here one can answer, that they should not have launched a general attack on 15 to 50 million people. Or at least should have, after attacking without noticing it, noted the criticism and aborted their attack, instead of failing Plan A. Thus only Plan B became necessary, to effect a stop of their attack by external pressure. Add to this, that their actions have left the victims only few possibilities, and that their collateral damage to their employers only enabled this Plan B. Which is the reason, why we resistance are now striking back with it. This is not an attack, but a defence by counterstrike, in the form of showing up the collateral damage they have caused. Blaming the victims is thus just a case of punishing the bringer of a message. This doubly so when they, after their behaviour has been exposed, are requested by their employers, to stop doing damage. But then either reject this and for that get fired, or they as rejection of this request hand in their notice.
Even during the Plan A phase, none of them helped to criticise the fanatics, which perhaps would have allowed doubts to arise in some of the involved admins, perhaps still would have saved Plan A. That however did not happen, perhaps because some were too much astonished by the behaviour of the fanatics. Which is why now Plan B has been initiated. Despite some risk, that they may get collateral damage as a result of it.
That because this approach is unavoidable, as the web admins by their enforced measures do not give us any other choice. For us as completely uninvolved users else total loss of the web is certain. Whereas for them as involved only loss of crypto threatens and this only maybe. Lesser damage and less risk and that for more involved people is acceptable, because lesser evil.
The best that remains now with Plan B, is to succeed in rendering such admins harmless, as fast as possible, so that the target of getting enforced-HTTPS web sites to below 10%, according to the Telnet Test, is achieved fast. For this they can "thank" the fanatics, who killed Plan A. But also "thank" all others, who did not stop them, and thus did not help Plan A succeed. Which could drive both groups, to tidy up faster. But also earn them at least some sympathy and pity, should they become victims of collateral damage.
With tidying up the need to spread this criticism further disappears. Fewer people find out about it. Damage to reputation of crypto and the risk from that are minimized. Their best chance for this consists of, that spreading of the word among themselves should be faster, than spreading the information to the general public, including the professional press being faster than the general press. But this will only work, if they do not refuse themselves, for whatever reasons. Else applies the old insight, that those who come too late get punished by world history.
Should crypto become lost due to this campaign, one can advise them, to question their overblown fears. For this they can contrast themselves with normal people, without the twisting influence of the group dynamics of their fear subculture. While doing this they can recognize, that there exist two types of security, running away and hiding oneself or if necessary fighting with uncovering and collecting an alliance.
The digital society moves anyway unavoidably and exponentially towards arbitrary data availability. This has already been known for decades and by some gets called Technological Singularity or Technopathy. In such a society secrets as a strategy have no long-term survival chance, are an obsolete approach. Already in the mid 1990s the expression "privacy was yesterday" appeared among attentive insiders. That is the reason, why such regard those who still today deny this as living in the past.
It is thus better, to prepare oneself for the coming future, regard its digital openness not as a threat, but as a chance. After all it is those, who have more to hide, that have more to lose from this, in a world where the majority of people are decent. These today tolerate a lot, but not intolerance against others. By which all acceptable people can get help from many, especially against aggressors, including all attackers which they fear. At least as soon as the attacked create a PR disaster for the attackers, exactly as it is being done with this text. The old saying of "honest lasts the longest" will in the digital world unavoidably become increasingly important.
(The best real answer to possibly misused surveillance is correspondingly the surveyed state, including freedom of press to show up misuses discovered by this. That was already recognized centuries ago by the founders of democracy, despite them only having paper and quill and post coaches, plus in best case a print shop and newspapers! An insight which also led to prohibition against censorship, because that prevents such communication. People who despite knowing the digital world, still do not understand this, have got a lot to catch up.)
Whoever now claims, that the mass in the middle is not decent, should urgently revise their picture of this mass. The widely spread expression of "look at how stupid the average is, and half are below that" may be mathematically correct. But the rating of the average as stupid, is far below the real level which they have. This becomes misestimated, because most people's views are strongly influenced by news media, which for spectacle mainly show the 5% worst, plus a bit of the best 5% should they stand out enough. The 90% between are largely ignored or at least marginalized.
In reality the populace in the middle is far better than its reputation and in particular way better than any "better" dictatorial groups. Worst case the middle does not know, or has even been deliberately misinformed. Generally one can assume, that most of the populace respects the freedom to live as one wants (at least as long as one respects their and others freedom to live as they want), and rejects any "freedom" to harm others (no matter whether damage by deliberately prohibiting something or just by knowingly as side effect preventing it).
Only someone who really has something to hide will not get any help, rightly so. Those whose behaviour repulses the mass in the middle so badly, should anyway be asking themselves, what they are doing wrong? Why do they want to live a behaviour, to which they can not openly stand before most others? Those who still think, that their behaviour is right, only gets rejected unjustly, should ask themselves, why they are not committing themselves to stopping this rejection by informing others? Something which many groups, who have been persecuted for centuries or even millennia, have done in the last decades, with success, by making the populace in the middle knowing, instead of leaving them misinformed. (But here probably the "for us or against us" mentality of paranoid insanity stands in the path of recognizing neutrals, and also prevents noticing this approach.)
Which is why we are now purposefully striking back at them. This with a tactic of "Here we will else die anyway, so break through the middle of the enemy, because we will so more likely survive". For this we aim that the web becomes open again for all. In best case with admins recognizing the problems caused and thus reforming themselves. Or simply them accepting what we want, because of threatened job loss. Or worst case eliminating non-correctable fanatics from their jobs, if not even threat works. In this we are not begrudging them any fitting loss. That all is Plan B.
Should though possibly also regulations ensue, we will not begrudge them that loss. The same applies also to enforced back doors, or up to MitM measures, or even up to full prohibitions of crypto. We recognize, that next to us avoiders of crypto there also exist real adversaries of crypto, which possibly will now profit.
But this is the fault of those, who destroyed Plan A and thus left us only Plan B. They have thus ultimately indirectly worked into the hands of their enemies. More precisely they have turned us neutrals into further adversaries, by attempting to exterminate us. Most likely they also only made the state into an actual adversary, by sabotaging its surveillance, whereas before it was only a potential one.
Should the state now want to prosecute them, and for this exploit the damage to their reputation by our action, they have brought the state up against themselves, and driven us to giving it this opportunity. Common enemy thus creates allies. They from this fully deserve any damage that may result. For irony such a consequence would nearly be impossible to outdo. (Even more so when one considers, that they started with fearing the state becoming a dictatorship, as reaction to this became dictators themselves, and now fail because of victims who want to dispose of their dictatorship, and the state which exploits this.)
Contrast this with it, that the persecuted should as strategy conceal themselves, and surely not as contradicting tactic produce avoidable public annoyance. This applies just as much, if they only imagine the persecution. They should certainly not have created so great a damage, that the victims of this want to explicitly proceed against them. Regardless of if collateral damaged web users want to show up their actions, or if the targeted state wants to eliminate their sabotage. For which they could now become persecuted for real.
This even more so, when they attack the entire world, with this hitting 15 to 50 million victims. Which practically guarantees, that at least someone is among so many affected, who is both affected (all retro computer users who are unavoidably getting thrown out), who also understands what is happening (because many retro computer users understand technical stuff well), and who knows how to make a PR disaster out of this (from as older generation already having decades of observing and analysing such), and who has a tradition of committing themselves (from the retro computer scene being self-organized), and who can afford time for this (after losing many surf opportunities), and who has the drive for this (from double annoyance of loss of web and wasted time because of fighting against annoying fanatics instead of working on interesting projects).
Those who want to complain about the damage which ensues, should remind themselves, how they acted towards the victims' complaints about the damage being done to them. Those who then did not grant consideration, can now expect none. Who wants to have freedom to use crypto, but disregards others' freedom to avoid crypto, may lose his freedom just as much, deservedly. Only who respects others' freedom, can gain and keep his own. But they ignored this principle of consequences. Just as they ignored using the entire principle of being cautious. As also the principle of accepting criticism from others.
Especially fear prevents using intelligence due to panic reaction, and thus causes selective stupidity. Thus all this was not noticed and prevented, all because of overblown fear of supposed danger. Thus came into being another case of, who will not listen to criticism, has to feel loss. They will reap what they sowed. That applies even if it becomes an expensive lesson, up to massive loss. Even if an "overstretched the bow" situation occurs: They wanted too much, what they already had breaks, is unrepairable, they lose all.
Mercy they have none to expect, that the victims deserve, not the perpetrators. At the best they may still hope for forgiveness. But receiving that requires first recognizing their mistake, then to stop making excuses and accept their guilt, with showing remorse and for bettering aborting their attack. After which their barbarism ends and civilisation again becomes possible.
How many wise old sayings fit here so well, shows how long known this all would actually be. But if one can often learn something from history, it is that many people learn nothing at all from it. They repeat mistakes already done many times, to obtain their own personal lesson. In particular insufficiently intelligent egoists fail not only at comprehending of respect for other people, but also at learning from others' mistakes. Even more know-alls believe, they do not have to learn anymore, especially not from any lesser knowing, ignore so what others have learned. Even from previous already fallen know-alls nothing is learned, because those were provenly not knowing, and are thus "not relevant". After which they repeat same errors and also fall.
Life exists for learning. Some do this easily. Others fail at this, and only thus get into situations, where they have to make it up far more difficult. What they did not learn by education and observation, now has to be rectified by own experience. A far more expensive way. All that remains is to hope, that this lesson becomes expensive enough, to make it clear to many of them, how much nonsense they have perpetrated. Followed by recognizing and bettering themselves, after which they in future will respect others' freedom, to decide according to their own criteria. And that with lasting effect, because of the damage and pain caused by this lesson.
This page is by Neil Franklin, last modification 2023.11.10