Licensing issues aside, it would cost _additional_ money to actually serve all that content to a global audience (shipping bytes over the internet isn't free).
I get the PHP error about 9 times out of 10 when accessing https://www.bbc.com and https://bbc.co.uk in both Firefox and Chrome (from Switzerland). IP accessed in both cases (i.e. PHP error and successful page load) is 151.101.12.81:443.
One might reasonably assume the "bad guys" they're trying to catch would go elsewhere though, if they have any sense. So then you're just left with innocent people to spy on.
What if catching the stupid bad guys just means the smart bad guys take their place? Like a spray that kills 99% of bacteria, all you're potentially doing is applying a selective pressure towards being more technically smart.
And in this case, being more technically smart might just mean clicking the link to the E2E encrypted web chat site rather than the server-to-client encrypted site. Perhaps, though, the government will start banning websites that offer E2E encrypted chat, and require hosting companies to not let you host such apps yourself.
Milton Keynes has had electric buses since 2014, which top up their batteries via induction chargers at the end of each route throughout the day: https://www.bbc.co.uk/news/technology-25621426
Chrome isn't forcing anyone, it's just making it clear to users that a non-https site is insecure, which it is. What's the problem with providing information so that users can make an informed choice about whether to use the site?
Ordering any server from a tor IP, even dirt cheap shared hosting plans, will trip their fraud detections 100% of the time. You'll likely get an email asking for photo ID.
I buy all my vpses via Tor, it takes some effort. But after a while I always manage to find a provider where I can complete the process. So, not all the providers all the time. Just some of them some of the time.
It depends on the hoster. BitHost has no problem with Tor exit IPs. Neither does Host Sailor. I know a few others, but sharing names would be imprudent.
Not true: Currently the "info" indicator appears on first interaction (which _could_ be after they've auto-completed everything, but may not be). This is changing though: In Chrome 68 the info indicator will be there on all HTTP pages, without form interaction required. So this change just changes it from "info" to red warning.
If you type fast, you can probably get a whole username (or personal name, or street address) in without seeing the red warning. (That said, it looks like it _will_ show "not secure" by default, even before you type anything in, on HTTP; it just isn't emphasized unless you enter data.)
No, as of chrome 68, http will be marked as not secure without waiting for any user interaction at all. The change for http pages outlined in this post is to upgrade that from the grey info message to a red warning.
Actually the target position is that https _won't_ be marked as "secure", but rather than http will be marked as "not secure". Can't really argue with that.
Oh I'm not arguing with that part, that's a good development. But that's "assume the web is just the web", not "assume the web is secure by default". The latter is a dangerous idea.
