koitsu wrote:
What most end users are concerned with that justify SSL are...
I prefer that sites that offer binary executables for download use HTTPS, so that I know I'm getting the file I expect. (I think there's at least
a few of these on the forum.)
koitsu wrote:
Because I'm completely sure that shady ISPs and compromised backbone providers are collecting all the L/Ps as to destroy everything related to nesdev.
I imagine that most MITM attacks are not targeted to a specific site, but are trying to capture anything that looks like a login in an automated way, replace exectuables, etc. It's also relatively easy to set up compromised "free wifi" in public places. So... IMO a "shady ISP" is a real and present danger, and the obscurity of NESDev is no protection against threat.
The biggest problem isn't really that someone stealing an NESDev login can use it to access NESDev.com, the problem is that it's a certainty that tons of NESDev users are using shared passwords. The point of Google's SEO demotion is to protect users from themselves, more than anything else. (I
don't think we should be concerned with SEO for NESDev, but I do think protecting its users is worth considering.)
Actually the executables thing is why I feel a bit anxious about all the binaries hosted on my own website. I try to put them on github, etc. where I can, but a lot of my hobby stuff isn't applicable to that, and I don't want someone to get malware because they tried to download my game demo at a coffee shop. I wish my site had HTTPS for that reason.