Posted: Sat, 6 August 2011
"Everyone" knows that if you have people logging into your site, you should
at least be considering providing pervasive HTTPS for your site, so your
users don't [get pwned by Firesheep](http://codebutler.com/firesheep). Of
course, some people [don't worry about their users getting
But even if you're just a brochureware site, it's time you get the HTTPS
religion. Because if you don't, you leave your users open to [ISPs like
this](http://serverfault.com/q/298277/1375), who want to modify the HTML you
send to include their own ads and notifications, or [this
who thought it might be a good idea to redirect users' searches to their own
revenue generating services.
When you're forking out for the extra expense of HTTPSifying your site (it's
not huge, but it's not likely to be free), thank all those people who have
decided that their need to extract additional profit from the people who
already pay them money for Internet service outweighs their responsibilities
to provide the service they've been contracted to provide.