Thanks to Comcast, I’m enabling HTTPS on my personal websites. The only reason I need it is that I now reside on a hostile network.
I have had FIOS for the last 5 years but after my recent move, the only option I had available was cable Internet. I was greeted this morning with the following popup injected onto my personal site:
Now, I had read about how Comcast was injecting content into HTTP sites but had been lucky enough not to endure it personally. The fact that they are MITM my browsing is bad enough, but they just let me know that my connection is metered as well. One could ask “Why would you be using over 1 TB of Internet Traffic?” One could respond with “Fuck you, it’s none of your business”, but this month I was downloading the last of my S3/Glacier backups so that I could move them to something reliable without handing more money over to a company working against my right to privacy. I apparently have 2 “courtesy” months that, once exceeded, I will get charged a pretty ludicrous fee for going over in 50 GB increments. I of course could hand over an additional $50 a month for uncapped traffic, which would put my monthly Internet bill over $90.
I have used digitcert to purchase an SSL certificate, but I had heard about letsencrypt and decided to try using certbot. It was relatively painless and as of the publication of this post, they are providing the certificate my websites use. I agree with n-gate that putting HTTPS on everything is unecessary and a sign of things being broken, and had avoided doing it until this incident. I wish I had better solutions but for now I’m stuck.
These sorts of intrusions are why I support the EFF even if they get some things wrong like advocating DOH. I will be supporting letsencrypt considering the amount of money that their service has saved me from purchasing commercial certificates.