zlacker

That is because without https, there is no guarantee that the site requested is bring delivered as the site intends. For example, an ISP could insert data or scripts into the page.

>>garden+(OP)
And monkeys could fly out of my butt. Not everyone has the same threat model.

Faced with a choice between a vague future threat that might happen (an adversarial ISP or other MIM attack) and a certain future threat that will happen if we let it (incumbent gatekeepers locking down the Web), I'll take my chances with the former, and opt for less gatekeeping rather than more.

>>garden+(OP)
Let's rephrase that...

"That is because without Web Integrity, there is no guarantee that the site requested is being delivered as the site intends. For example, a browser extension could remove ads or modify content on the page."

See where this slippery slope is heading? We DO NOT want what "the site intends". We want to be in control of the content we consume.

>>Camper+z1
It's not a "might happen." ISPs, especially in places like hotels and other public WiFi spots, were replacing ads on sites with their own ads. I don't know if they did anything more nefarious but they were probably also snooping and logging to at least some degree.

>>userbi+Oq
Well, as you note, user control is exactly the difference; a user can still modify a page with HTTPS, but not with this proposal.

>>garden+(OP)
Then make laws to force your ISPs to be neutral carriers and prosecute any pulling shit. Most of the world doesn't have this problem yet we are still forced to waste countless of cycles and man-hours on TLS for public read-only content.