Another of Google's attempts to implant data harvesting features into the web spec. The only purpose of the proposal is to spy on end users cross-domain. It is more invasive than FLoC or the Topics API, allowing hits to be recorded for arbitrary variables. The idea is that this data will preserve privacy because it is only made available as "noisy histograms", which seems woefully incapable of addressing most objections to the data harvesting that was traditionally done with 3rd party cookies. The precise accuracy of collected data was never important to begin with.
Remind me why we assume good faith and allow Google employees to participate in the standards process, again?
This may not necessarily go anywhere since it's a draft, but it's already implemented in Chrome so I assume they will attempt to force it through at some point. I hope others are paying attention.
Not all DNS providers are supported by certbot, so sometimes it's impossible to automate. It's not infrequently that I come across sites with expired certificates nowadays.
And what of those who have left their old site (that has no need for TLS) online for years without ever knowing 'insecure' HTTP is being deprecated? I don't think their sites breaking and showing warnings should be acceptable when the security benefits are so marginal.
Time is money, I'm sure some users visiting websites that don't have the luxury of being maintained by multinational corporations will experience issues as a result of this change. TLS certificates are also not trivial to set up or renew if you require a wildcard certificate.
Remind me why we assume good faith and allow Google employees to participate in the standards process, again?
This may not necessarily go anywhere since it's a draft, but it's already implemented in Chrome so I assume they will attempt to force it through at some point. I hope others are paying attention.