I hadn't heard of this. I started a similar effort a couple of days ago.<p><a href="https://github.com/benatkin/pure-ssl" rel="nofollow">https://github.com/benatkin/pure-ssl</a><p>One thing I'm impressed with is sites that allow people to embed images from anywhere but still don't have mixed content. The way GitHub and Convore do this is by making images from an http-only domain available on an https domain. If you try pasting an image from GitHub pages (GitHub pages is HTTP only) and you inspect an image on Convore I think it will point to an https address on Rackspace Cloud Files.
Ycombinator: <a href="https://www.httpsnow.org/domains?utf8=%E2%9C%93&search[name_contains]=ycombinator.com&commit=Search" rel="nofollow">https://www.httpsnow.org/domains?utf8=%E2%9C%93&search[n...</a><p>Then there's this comment: 'pg doesn't care about security.'
They should redesign the header so that the site title looks like an actual header instead of a large text box. I spent a while trying to click on it to enter in my own site to check.
The barrier to ubiquitous encryption on the web is the requirement that everyone purchase an overprice certificate.<p>What we need is HTTPC, which would be SSL without verification. It would not show up as verified like HTTPS-- no green bar, etc. It would look just like HTTP, except with encryption.
I don't know that it's really ideal to try to force all normal browsing activity to HTTPS. If a person is concerned about pedestrian, non-identifying data, like reading HN, then he should take it upon himself to set up a VPN or some other mechanism to encrypt his data. Why do we want to establish a standard of default HTTPS?