
Yes, absolutely. Controversial content of all sorts (activism, gay rights, sex, etc.) gets censored all over the planet and gets people on watchlists.

When you are talking about the potential for controversy itself creating this problem, then yeah, HTTPS becomes a benefit everywhere. "Oh but we just host cute pictures!" - doesn't matter. Maybe someone commented on one of those pictures and said something about China being a terrible country. Maybe an innocent Chinese visitor saw that thread and ended up on a watchlist because of that.

And even ignoring the whole "I have nothing to secure" mentality (which is no better than the "I have nothing to hide" mentality, really), having HTTPS everywhere makes the people for whom it matters safer. Look at what happens with Tor.

In a world where encryption is the exception, the one who uses it is immediately labeled a terrorist.

Make no mistake. This is not about "encrypted communications". This is not about asking the user "Do you think what you are doing here warrants extra security?". This is about the medium. It's about making encryption ubiquitous so that these situations never arise.

When you ssh into a machine, do you ask yourself that question? "Oh well I'm just going to do harmless system monitoring, don't need encryption for that!". No, you don't, because the medium gives you that security and you never have to make that false choice.

So what do you gain by not being secure?

The only argument I ever hear in answer to this is "battery life"/"processing power". Such nonsense. Monochrome displays have a similar benefit, but in general computing you don't give users monochrome displays because of all the situations where colors are useful. And you certainly don't ask the user "Do you think this image you are viewing really deserves colors? What do you gain from them, it's practically black & white already!".

I'm so tired of this whole debate. Can you tell? It's such a waste of time. As Poul-Henning Kamp put it last FOSDEM, the NSA loves that debate and probably perpetuates it. "Do we really need encryption for everything?" is a false question, especially on the internet. You don't, but other people might. And just because you have nothing to hide doesn't mean you should show everyone everything. And just because one kid was raped one time in your town doesn't mean you should store your kids in the basement and treat them like emergency supplies.



There's a huge difference between ssh and ssl's trust model, where the latter requires you to fork over money for each domain name(1) and at the same time trust ALL the other CAs in the world not to work against you.

(1) except for a couple of very inflexible free tiers at a couple of vendors, which caused more trouble than it was worth during heartbleed.

For SSH your key management is 100% in your hands and no third party can create a replacement key pair that would work in a MITM attack.


The perfect is the enemy of good. With TLS, you reduce the MITM exposure from "everyone who is in the path between you and the server" to "everyone who is in the path between you and the server, AND has control of or has hacked into a CA AND is willing to risk the CA being blacklisted by the major browsers".

The latter category is much smaller than the former (which includes anyone in the public access point you're using, for instance). Yeah, the NSA is probably in the latter category (if they think you're important enough to risk burning a CA), but the NSA is not your only adversary.



