HTTPS Is Actually Everywhere September 21, 2021 https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
A third of you slackers out there still aren't using HTTPS by default https://www.theregister.com/2021/12/09/top_1_million_report_scott_helme/
Very few if any of the world wide web's top million sites doesn't have any input form. I'm guessing here, but how would a site become popular without that? Also your clicks are your information input too, because it reveals what you are interested in.
The only input form on YouTube is a search box (unless you are a content uploader but I am not). On the front end I don't see a reason for the extra overhead and bandwidth. SSL certainly doesn't stop any tracking. It might make it more difficult for someone that couldn't really do anything with the info anyway. The big players are already embedded in the site. I visit sites where I see ads from other sites I purchased from that to my knowledge aren't connected by anything but the obvious ad networks that aren't stopped by the SSL on both sites. Then for a virus scanner to monitor the traffic it need to MITM to see the contents. In any case we can be thankful for Let's Encrypt as in the past it was the companies selling the certs that were pushing for their use.
I think you are missing the point. People are lazy. Companies are caught in bureaucracy. This caused a lot of websites that obviously should have TLS to remain in status quo and operate without it. Nothing pushed them to do so. Unless TLS will be a default a lot of these websites would continue to operate without any changes. This is human factor. Technically it is hard to get rid of threat of ssl stripping attacks. Browsers aren't smart. They can't judge content and automatically decide if website is worth to encrypt or not. Web can either be unencrypted by default or encrypted by default. Without making TLS a default choice it is not possible to get rid of threat of SSL stripping attacks. Put in context many people do connect to shared and/or untrusted Wifi networks especially on mobile devices.
Fair enough. You make a good point. I still feel it is not necessary on some sites but if that's what it takes to get the ones that should be doing it motivated so be it.
