web0 manifesto
“…web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit.”
Sign your name and join me in starting the year as you mean to go on: without tolerating any bullshit.
Happy New Year! :)
G’morning folks, how lovely to wake up and see the new signatures on the web0 manifesto
By the way, if you are having trouble signing because your email server implements an archaic anti-spam technique called greylisting. I’m going to look into adding basic support for it but please also contact your email provider and remind them it’s 2022. Spammers have long worked around greylisting. Today, it just makes things harder for legitimate small web use cases.
Also, some folks have mentioned on the fediverse that they don’t have a web site to link to… please feel free to use the link to your fediverse account (Mastodon, etc.)
But please don’t link to people farmers like Twitter, Facebook, etc., or to sites with trackers from them.
I’m going to look through the links today and contact you to see what we can do if any look problematic.
Finally, a couple of you have reported not being able to add your site if it doesn’t load over a secure connection (TLS).
That’s by design :)
It’s 2022 and we should all be doing our best to encourage good practices. HTTP is not secure. It means people who visit your site could be hit with man-in-the-middle attacks.
Thankfully, we have a free/automated way to implement TLS now with Let’s Encrypt.
And servers like Site.js (https://sitejs.org) do it automatically for you.
How sad...
you've been fooled by #BigTech propaganda about TLS.
Who pay the bills of Let's Encrypt?
How secure is a system that enable any certification authority in the world to impersonate any HTTPS website?
#HTTP is inheritely decentralized through proxies. And you don't need TLS to have cryptographically signed contents that let clients avoid MitM attacks.
HTTPS instead force your client to connect the server even for non sensible contents that could be safely cached by middle proxies.
And that, in turn, enable servers to track people with higher precision.
So, yes, it 2022 and I don't want to enable HTTPS on websites that do not need it (no sensible components and no form or js).
And I do so exactly to spread awareness about the limits and implications of HTTPS everywhere propaganda.
