But the users screaming bloody murder are right! (Or rather, they are exaggerating, but they are in essence right.) Most TLS errors are not the result of someone trying to spy on you; they are the result of someone letting the certificate expire or something equally silly.
Furthermore, if all the people advocating HTTPS everywhere get their wish, then the people screaming bloody murder will become even more right! If I'm trying to load the HN homepage, and heaven forfend I get a security error, you better believe I'll ignore it, because even in the unlikely case that someone is spying on me, I can't think of how someone knowing which HN threads I read is going to hurt me in some way.
I'm not sure why you've been downvoted, I think you're quite right. A warning that's shown too often when there's no real threat gets ignored. Making the warnings bigger and scarier is just crying wolf ever louder, and it doesn't work.
I don't think the solution is to avoid HTTPS, however. I think sysadmins need monitoring and automation tools so that expired certificates can be an exceedingly rare event. Letsencrypt has taken a big step towards this by making a fully automated process to get a certificate.
> I think sysadmins need monitoring and automation tools so that expired certificates can be an exceedingly rare event. Letsencrypt has taken a big step towards this by making a fully automated process to get a certificate.
Furthermore, if all the people advocating HTTPS everywhere get their wish, then the people screaming bloody murder will become even more right! If I'm trying to load the HN homepage, and heaven forfend I get a security error, you better believe I'll ignore it, because even in the unlikely case that someone is spying on me, I can't think of how someone knowing which HN threads I read is going to hurt me in some way.