> HTTPS on content only sides is primary about preventing people with tampering with the website
"people" here specifically excluding Verisign & its successor racketeers, the NSA (plus bananistani national equivalents thereof).
> in ways which potentially can hurt you from just opening them
Running shitware is optional.
> It doesn't prevent JS injected into your side from being executed
The only solution to malicious JS is... to switch off JS. Asking people you don't know to pay the cert tax does not somehow guarantee that their JS is not malicious.
> ... check the signature before loading/parsing any content it isn't secure.
"Secure content" is what you obtained from someone you actually trust and verified with a pubkey you received out of band (ideally -- meatspace). All other content may as well have been authored by evil martians, despite any pretense to the contrary.
> by now pretty much not-undoable not-decentralized HTTS infrastructure
What part of "Where I still have the freedom not to use the Reich's master-keyed pseudocryptographic garbage - I will not use it" is hard to understand?
IMHO it is quite strange that the "HTTPS-everywhere" nonsense isn't immediately understood by everyone for what it is -- simply Google's latest effort to stymie ad-blocking (with the applause of NSA, whose mission today consists largely of efforts to retard the development of actual - i.e. not masterkeyed and not escrowed - crypto.)
"people" here specifically excluding Verisign & its successor racketeers, the NSA (plus bananistani national equivalents thereof).
> in ways which potentially can hurt you from just opening them
Running shitware is optional.
> It doesn't prevent JS injected into your side from being executed
The only solution to malicious JS is... to switch off JS. Asking people you don't know to pay the cert tax does not somehow guarantee that their JS is not malicious.
> ... check the signature before loading/parsing any content it isn't secure.
"Secure content" is what you obtained from someone you actually trust and verified with a pubkey you received out of band (ideally -- meatspace). All other content may as well have been authored by evil martians, despite any pretense to the contrary.
> by now pretty much not-undoable not-decentralized HTTS infrastructure
What part of "Where I still have the freedom not to use the Reich's master-keyed pseudocryptographic garbage - I will not use it" is hard to understand?
IMHO it is quite strange that the "HTTPS-everywhere" nonsense isn't immediately understood by everyone for what it is -- simply Google's latest effort to stymie ad-blocking (with the applause of NSA, whose mission today consists largely of efforts to retard the development of actual - i.e. not masterkeyed and not escrowed - crypto.)