Save HTTP!

... because some people need it.

1: What is this text about? (Introduction)

The simple old HTTP web protocol (the dialog used by browsers to fetch web pages from servers) is being exterminated by ever more web admins, by blocking it or, more usually, redirecting it to HTTPS. This is by now the case at over 90% of all web sites.

The reason for this is, according to statements by various admins, that they, out of fear of the state, want to encrypt all web traffic (which HTTPS does). As long as they only did this with their own web traffic and offered it to others for optional use, this was no problem.

This is no longer so. They are now forcing others to use HTTPS. This, however, causes massive problems, as cryptography is difficult to implement and in particular decays fast. This throws people with alternative or old software (or computers which use such) out of the web, no matter for what reasons they use such:

The aim here is thus to save HTTP from extermination, simply because many people still want to keep it or even need it. Without usable HTTP, some 15 to 50 million affected users are otherwise being thrown out of over 90% of the web!

Attempts to bring the web admins who dictate enforced-HTTPS to their senses have failed over a period of 2 years (2017 to 2019). More than 90% of those addressed have completely refused to take notice of any arguments, mainly with the statement that the "great danger" justifies such measures. Complaints that the danger is neither large nor the measures justified are rejected. The same happened to complaints that "protection" which damages more than it protects is not protection. Thus this Plan A has failed.

Because of the above situation this awareness campaign is now being run. It is directed at the general public. It should inform people about the acts which are being perpetrated hidden from general view. The aim of this Plan B is to create enough pressure to correct the problem:

The aim of the campaign is to unite all interested parties into an alliance of the open, aimed against the web admins who want to completely close everything out of fear of supposed "danger", no matter what it costs uninvolved users in loss of the web. This loss shall be reduced from what is by now over 90% to at least below 10%.

This text has been deliberately written as a basic text, covering all aspects, so as to be usable as a "buffet". It can thus be linked to from other texts, so that others taking part can extract and extend whichever aspects are important for them. They can also write shorter articles, without their readers losing access to material they have left out. Because of this the text is about 40 pages A4 in size.

2: What is the current situation?

To web surf you need, in addition to a computer and an internet connection as base, a browser, with its HTTP connection to the web server. HTTP is simple and implementable by any programmer. The web was thus able to spread fast and wide, because many different browsers were creatable, on all types of computers, even on 1980s 8bit computers.

It has, though, a small weakness, in that everything is transmitted openly. This can be problematic in some borderline cases, such as with credit card numbers or accounts with passwords. To solve this HTTPS was developed. That, though, is complicated, because it uses demanding specialized cryptographic mathematics. It is thus difficult to implement. Usually, for lack of understanding, it can not be implemented at all by most programmers. Some older and also smaller new browsers and systems thus can not offer HTTPS.

Far worse, because it is based on cryptography to hide data, it decays fast and repeatedly, even where it is present. This is because the cryptographic algorithms used keep on getting broken by cryptanalysts. Against this problem new routines get developed by cryptographers, followed by these again getting broken, again requiring new ones. All this is part of the war of cryptographic hiding and revealing.

The objective of that effort is to retire broken algorithms from one's own usage before the adversary breaks them, and also to break the adversary's ones before they notice and thus retire them. All this with massive financing behind it, to convert the latter into the former, powered by the entire military command structures and the spying agencies of all countries! There is thus a continuous arms race in the cryptographic war, which makes repeated replacement necessary, which practically guarantees that this situation will continue to remain unchanged.

(Note: Background for those who ask why the algorithms keep on breaking: The fundamental mathematics behind the public key (PK) cryptography used on the web is based on creating multiple long random numbers. From these, two numbers are derived with formulas F1 and F2, called the public and the private key. For using these the following applies: Data + formula F3 + public key = Secured, so that Secured + formula F4 + private key gives the Data back. For this a set of four formulas must be created such that the private key can not be reconstructed from the public one, and also not the random numbers, which by using formula F2 would lead to it. Strictly speaking this is impossible, because every formula has a reverse, so F1 also has a reverse-F1! But there exists maths where no reverse-F1 method is known which could be computed with the processor power available today. Cryptanalysts search for new mathematical methods to achieve such reversing using present day processor power. On the other hand cryptographers also search for new formula sets, for which no known reverse-F1 exists. There exist therefore only two types of PK crypto: already broken and not yet broken.)

HTTPS as a protocol may now be some 20 years old, and has been widespread for about 10 to 15 years. But the cryptographic algorithms used apparently have a life cycle of only about 5 to 10 years! This becomes visible when phones and tablets from 2012 and computer browsers from 2011 began to fail in 2018, after only 6 or 7 years. On some web sites they already bring a "no common algorithm" error message, which means that all algorithms implemented then have by now been disabled on these sites. It can be assumed that this is because they have been broken, or are at least regarded as too weak. With a computer browser from 2003 this was the case in 2015, after 12 years, on practically 100% of all web sites.

Even where HTTPS is available, it thus needs continuous software updates to stay usable: after 5 years at the latest (if one wants to be able to use all HTTPS web sites) or 10 years (if one wants to be able to use more than a small fraction of them). With modern mass market browsers this is no problem. But many developers of small browsers or systems can not keep up with this. Older browsers or systems which are not maintained any more have no chance at all. Only a few large new ones can do this.

Using HTTPS thus requires giving up existing computers and software and reduces the choice of new ones. But software especially allows massive choice, because it can be written and copied by many. It is free of limitations from mass production and its financing. Only a single development needs to take place, after that the rest is only copying. The entire Open Source software (such as Linux) originated from this.

Such choice is already endangered by featurism, because this increases the work to produce software and thus reduces the choice offered. But this problem only applies to specific sites, which use new features so badly, that they fail to support older simpler browsers. Such failure is also graduated, from not optimal rendering, over single features failing, up to the entire site becoming unusable.

Cryptography and HTTPS, with their difficult technology and repeated replacement, add massively to this effect, and always with the result of total failure. That massively increases the bad trend. By now the large majority of over 90% of sites is affected, not just single ones. In the end what choice remains is a small selection of large mass taste software.

But cryptography and HTTPS are not really needed for most applications. One can avoid them for normal web usage, by continuing to use HTTP. Only for a few special sites, where HTTPS is necessary, one can use a secondary browser or even a secondary computer. Or simply not use such sites: don't use web shops with credit cards (only such with payment by bill), don't have critical web data with accounts and passwords (uncritical ones only for preferences are no problem). For all other sites one could continue surfing with HTTP, which is most of the web, way over 90%.

That is how it has been done for decades. HTTPS was only used by those who wanted its special features, but avoided by those who didn't need it, because they only did things where it was not required. Everyone lived as they wanted and could, and let others live how they want and can. This for a long time was no problem for anyone; all could come to terms with it and choose what was best suited to their requirements.

The situation has changed now. Since about 2015 ever more web admins are enforcing the use of HTTPS. These admins demand that HTTP has "got to disappear", all web traffic must be with HTTPS. They enforce this by closing down HTTP, thus making access to their servers impossible. To stay inconspicuous, instead of giving a visible "no server" error message when HTTP is used, they usually place an underhanded HTTPS Redirect (automatic detour). Browsers which can use HTTPS follow this detour silently. The majority of users, with sufficiently new mass market browsers, notice nothing of this measure. But this forces all users to take part in HTTPS, no matter if some of their browsers fail because of this, no matter how large their problems become.

Such web admins usually also allow HTTPS only with the newest crypto algorithms. Old ones are not even allowed as a fallback, despite HTTPS providing for this, and simply preferring newer ones if these are present! This newest-only policy exists because the sort of admins who close down HTTP as a "great danger" have already before disabled old algorithms, because they consider these, as "too old", to also be a "danger". With which they destroy backward compatibility maximally. A quote from one such admin: "I only use the best algorithms" (which together with his "newer = better" thinking also means "only the newest"). Another quote after: "Open is not at all such". (Which suggests that the algorithms which they have switched off after a few years may not even have been broken. In addition to enforced-HTTPS this is thus also enforced-newest-HTTPS, with the former only laying the base of the problem, and the latter making it far worse.)
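The negotiation this section describes (the "no common algorithm" failure, and old algorithms kept only as a fallback) can be modelled in a few lines. This is an added example, not part of the original text: a simplified model of TLS version and cipher-suite selection with server preference, covering an undisturbed handshake only. The client and server profiles are constructed for illustration and are not the actual lists of any real browser or site.

```python
from dataclasses import dataclass

# Protocol versions, oldest first. SSLv2/SSLv3 are left out of this model.
VERSIONS = ("TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# Cipher suite -> protocol versions it can be used with.
SUITE_VERSIONS = {
    "TLS_RSA_WITH_RC4_128_SHA":              ("TLSv1.0", "TLSv1.1", "TLSv1.2"),
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA":         ("TLSv1.0", "TLSv1.1", "TLSv1.2"),
    "TLS_RSA_WITH_AES_128_CBC_SHA":          ("TLSv1.0", "TLSv1.1", "TLSv1.2"),
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ("TLSv1.2",),
    "TLS_AES_128_GCM_SHA256":                ("TLSv1.3",),
}


class HandshakeFailure(Exception):
    """The two sides share no usable protocol version or cipher suite."""


@dataclass(frozen=True)
class Endpoint:
    name: str
    versions: tuple   # protocol versions this side has enabled
    suites: tuple     # cipher suites, most preferred first


def negotiate(client, server):
    """Pick the newest common version, then the first suite in the
    server's preference order that the client offers for that version.
    Simplification: no retry with an older version if no suite matches."""
    common = [v for v in VERSIONS
              if v in client.versions and v in server.versions]
    if not common:
        raise HandshakeFailure("no common protocol version")
    version = common[-1]
    for suite in server.suites:
        if suite in client.suites and version in SUITE_VERSIONS[suite]:
            return version, suite
    raise HandshakeFailure("no common cipher suite")


def outcome(client, server):
    """negotiate(), with a failure returned as ("FAIL", reason)."""
    try:
        return negotiate(client, server)
    except HandshakeFailure as exc:
        return ("FAIL", str(exc))


# --- Constructed profiles (illustrative, not real product settings) ---
OLD_SUITES = ("TLS_RSA_WITH_AES_128_CBC_SHA",
              "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
              "TLS_RSA_WITH_RC4_128_SHA")
NEW_SUITES = ("TLS_AES_128_GCM_SHA256",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")

OLD_CLIENT = Endpoint("old client", ("TLSv1.0",), OLD_SUITES)
MID_CLIENT = Endpoint("TLS 1.2 client, old suites only",
                      ("TLSv1.0", "TLSv1.1", "TLSv1.2"), OLD_SUITES)
MODERN_CLIENT = Endpoint("modern client", ("TLSv1.2", "TLSv1.3"),
                         NEW_SUITES + ("TLS_RSA_WITH_AES_128_CBC_SHA",))

# "Enforced-newest" server: old versions and suites switched off.
NEWEST_ONLY_SERVER = Endpoint("newest-only server",
                              ("TLSv1.2", "TLSv1.3"), NEW_SUITES)
# Server that prefers new suites but keeps old ones as a fallback.
FALLBACK_SERVER = Endpoint("fallback server", VERSIONS,
                           NEW_SUITES + ("TLS_RSA_WITH_AES_128_CBC_SHA",
                                         "TLS_RSA_WITH_3DES_EDE_CBC_SHA"))

if __name__ == "__main__":
    for server in (NEWEST_ONLY_SERVER, FALLBACK_SERVER):
        for client in (OLD_CLIENT, MID_CLIENT, MODERN_CLIENT):
            print(f"{client.name:32} -> {server.name:18}: "
                  f"{outcome(client, server)}")
```

In this model the modern client negotiates the same version and suite against both servers; only the two older clients see a difference, failing against the newest-only server for two distinct reasons (version and suite).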

This results in pressure on everyone to repeatedly update to newest HTTPS. No matter if they could get into problems because of it. No matter how large the problems. No matter if some do not want to or even can not update. No matter that for some it means being thrown out of the web. Criticism of this behaviour simply gets answered with "go and update", with an implied "do what we say dumb user". Criticism that this is not always possible is simply disregarded. And because of the underhanded Redirect the majority doesn't notice anything. It remains an act hidden from view, despite by now being widely spread:

Even worse, this trend is starting to expand from the web to mail, with enforced-TLS there. With the same problems if no TLS is available, or if it is just too old. I first heard mention of this in 2018 and met a first case myself in 2019. Mail with enforced-TLS thus has about the same spread now as the web with enforced-HTTPS had in 2015.

Also later in 2018 I heard for the first time of plans to fully encrypt the basic network as such. This would not just kill most web sites and increasingly mail, but simply 100% of all net services. It would thus be even worse.

Should it continue like this, the result will be the exclusion, from the web and mail, or even the entire net, of all users who do not or can not upgrade their systems as demanded by such admins. Strictly speaking, the World Wide Web (that is what the WWW means!), which was open for all, is secretly getting replaced by a crypto limited web, in which only those who use sufficiently new crypto will be entitled to access.

Anyone who understands what the net has given all, and how many today rely on it, recognizes how such a throwing out massively harms all affected. As a consequence of this the affected are now defending themselves against this damage being inflicted. At least those who know about it. This campaign exists to expose a mainly hidden problem and to get it corrected.

3: Who are affected by this situation?

All of the above would not be a problem, if no one were affected by it. But many are. Exactly because people are so diverse, enforced encryption with its limiting consequences strikes in various situations in various ways for each of them. The "go and upgrade" dictatorship collides everywhere where someone does not want to upgrade or for some reason can not. This includes all those with old software (or old computers with such on them), no matter for what reason they use these. In some special situations even new computers and software can be affected. I by now know about an entire spread of user types so affected, but there surely exist even more, who are unknown to me.

3.1: No updates available

Directly this hits all users, who can not get any updates. Not every manufacturer still exists for every device, that is still in use. Or has, even if they still exist, an interest in offering updates for an old product, preferring instead to sell a new one. This happens ever more often, in particular with tablets and phones. Computers more often get system upgrades with updates to those, if the drivers still run on older ones. It is therefore simply not possible to update everything. Only replacement is possible, at cost of loss of property. The users of such devices want to weigh up the sure loss of the device against the questionable gain in security.

(This is for me an important point: Both my phone and tablet, from 2012, are from manufacturers that do not exist any more. Therefore there are no updates and I am getting ever more problems on web sites with too new HTTPS.) (Addendum 2023: Both have by now become unusable on the web; the tablet became entirely useless and was scrapped, the phone can only do calling and texting.)

3.2: Financial Limits

Such replacement hits even more all users who can simply not afford new devices for themselves. Not everyone can regularly replace all of computer and tablet and phone. Even those who could may want to avoid unnecessary replacement, to spend money on something not yet bought, or save up for something still to come. Some can even only afford used computers/tablets/phones which others have thrown away. These usually have a certain age. Some use, for lack of their own, only devices which are provided to the public. Often the sort of organisations which do this are financially limited. Anyone who believes that computers have today become so cheap that anyone can buy new ones without problems should look at the situation of the majority of people in third world countries. In Africa today a smartphone can be more important than a car! But also in rich countries some people live at the edge of existence.

Especially for people with little money the Internet is extremely important, because otherwise they have little. That situation also applies here with us, as ever more things end up on the net because of providers cutting cost. Old paper versions completely disappear, or at least get burdened with ever more and increasing charges. So losing access to the web makes such things more expensive or even entirely lost. Getting pushed to the side of society, or even entirely thrown out, for lack of a computer is by now known as the Digital Divide. This is now getting increased, to already include those without a new enough computer. Those affected by this want to keep what they managed to achieve.

3.3: Special equipment

The problem also hits all users who need special equipment or browsers, for example disabled persons. Such as the blind, who use speech output that can convert text but fails at reproducing pictures. Not everyone can get a fitting replacement for existing equipment, or such is limited by the finances of aid organisations. For these the Internet is even more important, because it gives them access to lots of otherwise unreadable information. This also applies when just wanting to have special user interfaces. Such as some Autists and Aspergers, who want to avoid modern overstimulating GUI designs. For these the Internet is just as important, because it gives them time and space to use their fitting methods. More generally, accessibility or barrier-free access applies to any form of capacity. The affected here want to keep what they managed to attain.

(This is for me an important point: As a weak case of Asperger I prefer graphically simple older browsers and mailers.)

3.4: Usage Worsened

Even without financial or other limits the problem hits all users who, from the upgrades needed for updates, receive a worsening of their usage, or who, if none are available, get such from replacement with new. As with all Windows users who did not go from Seven to 8 or 10, because they prefer the old styling and/or behaviour, or even consider Seven to be far better. When the support for Seven (7) ends, as has already happened for XP (5) and Vista (6), browser and mailer updates (which apart from bugfixes can also deliver newer crypto algorithms) will not appear anymore. It is just a question of time until HTTPS web sites (and also TLS to outgoing mail servers and POP3S/IMAP4S to mailbox servers) start not to function any more under Seven. Then welcome to the enforced upgrade to 10, no matter how much one dislikes it. Or welcome to the enforced migration to Linux, no matter what that costs.

The same goes for all who want to keep an old phone with a real keyboard, because they can write faster on it. Or those who have old programs on existing computers, which they want to continue using, but which do not run any more on newer systems, because these have been extended in incompatible ways. These users want to keep what fits them better in usage.

3.5: Retro Computers Preferred

This also includes all users, who prefer retro computers, or even just retro software on newer computers. Not everybody regards the newest and most modern as the best. Real progress does not consist of always using the newest, no matter what it is. Only offering new, which gives users more choice, from which everyone can pick what fits them best, new or old, is true progress.

Be this because old software user interfaces fit some people better. Either because they leave more screen space for seeing data, or simply distract less by interface widgets. Or because some people prefer the characteristic visual styling and/or fonts of those days. Or because they like the simpler structure, with less featuritis or even misfeatures, and without the power requirement needed for features.

Be this because they don't want software with virus endangered data formats which contain scripts. This even applies to JavaScript in web pages, which some people switch off because of this. Or because it is too often misused for annoying effects. Because they prefer to have safe and stable base functionality, instead of marketing effective but deceptive decadence. Or, especially after having known old robust reliable software, they do not want to use modern brittle bugware that is full of holes. Likewise they don't want to have its auto-updates, which are necessary because of the many bugs in modern software, but can block the system even in the middle of an important operation, even when explicitly stopped with "not now". Or, after at long last finding all update off switches, to have the software complain about missing updates at every start, with its writers treating the users as a nanny would.

Because of such not everyone has an "always the newest" attitude. Some explicitly want to use better fitting older software. In doing this they accept technically given limits, from slower processors and networks plus smaller memories and disks plus missing features and no scripts. They expect that some feature-rich Web 2.0 platforms thus fail, but also that simple web sites including wikis should work.

Forbidding such would be analogous to the department of vehicles forbidding all old-timer cars, or the building planning office forbidding all old houses. Forcing all people thus to use new vehicles or new buildings would rob all users of the preferred character of the old. More analogous to the situation here would be, should the roads department get infiltrated by electric car extremists, that it would gradually dismantle all access to petrol stations, as a means of forcing people to switch to electric. Which though would make all old-timers unusable. Followed by reacting to complaints by their users with "go and upgrade".

Doing such, without public discussion or agreement from this or a law demanding it, would result in massive protests because of despotism of the officials. Similarly, wanting to use old is now an increasing trend among retro computer and retro software users. Forbidding this is the same despotism of admins. These users reject this, and want to keep what fits them in style.

(This is for me the most important point: I prefer retro software for simple user interfaces and robust design. This is also why this site comes deliberately with a retro web styling and logo.)

3.6: Using Learning Computers

This also includes all users who use neo-retro learning computers. These are new developments, based on retro computer principles, which allow users to experience and understand the inside of computers, because they are simply structured and thus comprehensible. (Original retro computers are also so used, but because they are not manufactured any more, they are limited in number and accessible only to collectors, and are not available to random students or other types of learners.) Such devices can also run on the net, with Ethernet adaptors (or RS232 to SLIP/PPP router). Internet TCP/IP and web HTTP and HTML (and mail SMTP and POP3) are easy enough to implement on such computers (even on 8-bit, within the limits of their small memories and processors). Only like this can one really understand how computers and the Internet work. Such understanding can slow down today's trend, that goes towards ever less comprehensible bloated systems. And from only knowing such, to ever more ignorant developers, which because of this produce ever worse systems. While doing this is already secured for the actual computers, it only applies to the Internet if this continues to cooperate, which only proves that these simple computers are complete. Some people want to learn how everything works.

3.7: Conservation of the Environment

This also affects all users, who first want to use up old stuff, because of environmental load. Complete conservation of the environment consists not only of consuming less energy and producing less emissions, but also of consuming less raw materials and producing less waste.

Today saving electricity and reducing CO2 may be the fashionable issues, but some people despite this regard reducing waste as more important. This applies in particular to electronics waste, containing heavy poisons in some components. Also, in their production massive amounts of water poisoned with heavy metals occur, which has to be purified with energy intensive electric filters. Note here how long solar cells need until they have produced more electricity than their manufacture cost. (Note: Bonus points go to "environmental protectors", who just to save energy forbid poison-free incandescent lights, to force changing to mercury-containing CFL lamps or arsenic-containing LED lamps.)

Consumption of raw materials is even more problematic, because some of them are running out and once gone will not come back! Which is why some people want to reduce this. That in particular since the highly questionable forbidding of lead-based solder and its replacement by silver-based. By which one of the fastest depleting and most difficult to replace raw materials gets used even more. (Note: Bonus points go to further "environmental protectors", who waste critical raw materials like this, just to save grams worth of lead bound to tin in electronics, despite the kilograms worth of pure lead in car batteries.)

Even if using anything new is acceptable for someone, even without any financial or technical problems, some regard the environment as important. Thus not everyone wants to throw away and replace computer and tablet and phone every few years. Not everyone believes in the turnover and profit maximising "every 3 to 6 years new" thinking, no matter how the environment gets poisoned and used up by this. Some know, that even 10+ year old devices can work very well. Even if the faster aging silver-based solder is reducing this. (Note: Bonus points to the second "environmental protectors", when one considers that with faster aging more electronic components get scrapped, in which are far worse poisons than lead.)

Thus some want to fully use their devices until the end of their lifetime. Some even want to specifically pick up what others have discarded and use that up, because such continued use is the most effective recycling and thus also the best. Should the need arise, this also by combining multiple broken devices into one functioning specimen, or even scavenging very broken ones to obtain replacement parts for repairing others. Which all results in using older stuff. These people want to conserve the environment instead of straining it more.

(This is for me a further important point: I consciously use what others have discarded. That is also why this site comes deliberately in simple HTML which is also readable on all old stuff.)

3.8: Boycott of China

Add also all those users who do not want to buy a new device, because such are today often made in China, and from a desire to boycott the system there. Anyone who notices that Stalinism was actually Fascism minus Capitalism plus Communism, then Maoism was Stalinism minus Socialism plus Confucianism, now today's China is Maoism plus Capitalism added back in, so only differs from Fascism by having Confucianism instead of Nationalism, does not want to thoughtlessly finance such a regime.

Especially since today's "cheap is best or even everything" thinking has destroyed most alternatives, some people prefer to refuse buying new and continue to use existing. Or even pick up and use what others have discarded. Even those who have no problem with the regime may, because of environmental impact, not want to transport things around half the world. Or they want to, even without environmental interest, simply support local jobs instead of imports. Both of these although it is more expensive, saving up money for this instead of spending it on unnecessary replacement. These people want to, either for boycott or saving reasons, reduce unnecessary buying where possible.

3.9: Web Archivers Data Access

Not only people with old computers get hit. Even someone who has a new one can be hit, depending on what they do with it! After all there exist users who automatically record and archive their visited websites, to preserve this part of culture. We today have an information society, but this will not be comprehensible in a few decades, because lots of data is usually thrown away after use, "one can always fetch it again". But this only works until the provider deletes it, no matter whether this is because of loss of interest, or lack of profit, or by not existing any more. Even archived stuff becomes, far too often, unreadable because of degraded media, or is just thrown away later from lack of space. Or, despite it existing, a searching party does not find a copy that would be available from someone else. The entire downloadable content (DLC) approach of the web threatens to become an informational black hole, in future just as blank as the dark age of the first half of the middle ages became.

Not everybody has such a throw away attitude towards data, no matter if already existing or still coming. These know that only as many as possible distributed collected and stored copies can halfway secure continued existence and availability and so at least alleviate this problem. Explicitly creating such copies by downloading entire web sites, puts a massive load on these, and is highly disliked by their operators, up to them locking out people who do this. Creating such copies piecemeal, of only what one fetches anyway, is thus a better method, but a lot of work. This can though be simplified by using automatic archiving.

Enforced-HTTPS though sabotages this, because browser external web cache programs, which can be used for this, are dependent on logging and storing the web traffic as an HTTP proxy. Which the cryptography in HTTPS prevents as "spying". These archivers want to keep their past and continue to record the coming future.

(This is for me a further important point: I have used a web archive for decades. Some web pages important to me I can only still read thanks to my archive. That is also why this site comes deliberately in simple archivable and surely staying readable HTML 3.0 and is without any JavaScript, or even worse dynamic pages. Also as one single file, so that it can simply be saved even without a web cache.)

3.10: Web Cachers Data Access

Not only users get hit. Even other types of admins are affected! Some net admins want to scan all web traffic being ordered, to fetch identical requests by multiple users only once, to preserve bandwidth. In particular viral videos create load peaks which slow down networks and even overload servers. Or just recode or compress inefficient data formats. In particular Web 2.0 Sites have large amounts of repetitive coding in them. Enforced-HTTPS though sabotages this, because its cryptography also prevents the HTTP proxies used for this as "spying". Result of this is increasing bandwidth usage. These net admins (and their users) want to avoid slower network or higher costs.

3.11: Web Scanners Data Access

Some net admins want to scan all web traffic arriving, in the fight against virus attacks and computer intrusions, and also against spam distributed by and DDoS attacks committed with such techniques. For this they want to analyse the web traffic with a method called "deep packet inspection". Enforced-HTTPS though sabotages this, because its cryptography also prevents the HTTP proxies used for this as "spying". The result of this is a security measure (against spying) which collides with other security measures (against intrusion into and abuse of systems for spam and attacks). These net admins (and their users) want to prevent abuses.

4: How many are affected by this situation?

The number of those affected is far more than one would expect. On a geek mail list reaching about 100 persons there was already a further one, so 2% of them. This despite the fact that geeks rather frequently upgrade or replace their systems! In a sport group of only 10 persons was another, he had to replace his tablet. So there are likely even more percent. If one sees that at the end of 2018 there was still about 10% HTTP web traffic, despite enforced-HTTPS, even more percent can be expected. If one sees that even in HTTPS web traffic, in the middle of 2018 still 6% of browsers had no TLS 1.2, even more can be expected. My current estimate is that those affected by this most likely range from 3 to 10% of all web users. Which is also why the remaining 90 to 97% do not notice anything, it all stays so well hidden!

Many notice even less, that the sum of all affected adds up to a large problem, so don't defend themselves. Above 3 to 10% (middle 6%) of somewhere 300 to 1000 million Internet users (middle 600) are after all 0.06*600=36 million, so with same scatter about 15 to 50 million affected are to be expected! (Even with only 1 to 3% (middle 2%) assumed, this would still be 0.02*600=12 million, with scatter 6 to 18 million.)

Worse, this is even the case after 20 years of using HTTPS. That because of the rapid decay of cryptography, with observed algorithm life cycle of only about 5 to 10 years, and completely deficient backwards compatibility, but with even 10+ year old devices remaining in use. It will, because of this contradiction, likely remain constant at above 3 to 10%! Socially important infrastructure can not be built on top of something so brittle, may not expect such.

The problem further gets underestimated because of very misleading non-expressive error messages. Such as "Network error" or "Protocol error" or "Connection failed", which contain no reference to cryptography as cause. Or possibly "No secure connection could be established", or better "No common algorithm", which at least point to cryptography, but do not say that this arises only because of decaying algorithms. All this often only with an "OK" button available, despite this not at all being OK, with neither "Use unsecure connection" nor a more neutral "Abort" being offered. This followed by not getting any page.

(Note: If a page does come, which gets rendered wrong, or with error messages, or user interface fails, this is not a case of the HTTPS problem, but just that the too new data format is not being understood. In particular with use of JavaScript, without fallback to simple HTML, for users who block JavaScript, to eliminate abuse of it.)

Such happening often enough results in an "oh doesn't work anymore, computer/tablet/phone seems to be too old and used up" attitude. Followed by discarding it, because a "one can not do anything else" situation exists. The result, depending upon circumstances, is replacing or going without, but definitely a loss. Bonus points, when some people through this lost access to web sites with data which is important to them, or even lost editing their own web site, had to replace to prevent this happening. No matter what replacement cost in sacrificing other wanted purchases. No matter if they could not even replace and so lost out permanently.

Only a few affected recognize, that they have become victims of a deliberate lock-out and of an underhanded expropriation. Here we can expect large dismay and protests, as soon as all this becomes known, as people notice, that their losses were not technically unavoidable, but were only politically motivated inflicted upon them.

Considering that the "great danger" is usually irrelevant, such out-casting of so many millions from the web is totally inappropriate. Everyone should be allowed to freely decide on their situation, as it fits best for them. Everyone should be allowed to have their own estimate. Both of the danger and of the use of HTTPS against it, as also of the losses and the costs of these. No matter if in keeping devices, or keeping to financial limits, or using equipment, or keeping features, or using fitting software, or being able to learn, or conserve the environment, or decide on buying, or archive web, or preserve bandwidth, or scanning web traffic.

This followed by being able to live out their own decision and priorities, including being allowed to have a "this danger is irrelevant to me" attitude. With then using what is fitting for them. Nobody may force their views upon others, because that is making up their minds for them. Nobody may lock out others, just because they consider an important to them "great danger" to be negligible. Because of that this campaign has been initiated, to make these hiddenly committed deeds known, get people up against enforced cryptography.

5: Who is causing this situation?

After recognizing the above situation, with all its consequences, one soon asks, who the web admins behind enforced-HTTPS actually are and more important what is driving them.

5.1: Fear of the state

When one criticises such web admins, as I have repeatedly done since the beginning of 2017, one quickly gets from many of them the statement, that they consider HTTP to be a "great danger", because it is open. They know that the state records surfed web site traffic. This has already been known to attentive insiders for decades, but to many others only since Snowden in 2013. This gets done in an attempt, to extract conclusions from surfing patterns and by this identify terrorists and other criminals. This if possible to discover suspicious persons before a criminal act takes place, or more often only after an act to investigate the perpetrators.

But such admins have developed a mistaken belief, that the state intends with this to undermine and attack the entire population. They have developed a panicked fear of this web surveillance. This "great danger" is in reality completely insignificant for 99% of normal people. The state only has limited resources of finance and staff and so aims these mainly at persecuting criminals. From recording they only get thousands of millions of surfed URLs, which results in a massive pile of data. They thus can only filter the records for patterns, which could possibly suggest a crime, simply because reading all of them is impossible.

(Note: Background for those, who ask how such filters work: Possibly relevant data is buried among a large multiple of irrelevant ones. This is not any more looking for a needle in a haystack, which is easy to do with a magnet, but looking for needles with specific rust patch patterns in a pile of other needles with other patterns! Because of this many tests for various possibly relevant patterns are used, both word combinations and sentence structures of the data, as also time and sender/receiver, but also connections to other data. All tests give a "0..100% fitting" result, which is known as "scoring". Each individual test can also trigger on irrelevant patterns, such as a search for descriptions of a planned attack also triggering on reports about a committed attack. Principle is, that relevant data will trigger more tests as positive and/or those stronger, than just accidentally similar but irrelevant data. For this average values and peak values of all tests get compared. Then a certain percentage of top test results are given out to the personnel, which assesses them. The filter techniques are comparable with those in spam filters. Just that spams let through are only annoying and wrongly deleted non-spams usually not a catastrophe. While here not discovered attacks cost lives and wrongly given out non-attacks overload the personnel and so possibly prevent discovering real attacks. To improve the filters the best language analysis researchers are recruited directly from universities.)

Despite this they often fail at finding crimes before they happen, but after an act has happened, they can search for traces of it in the recorded data. Mostly data is only collected for later use. As with any not prevented attack, but only hours later the perpetrators are identified, a feat which no investigator could ever achieve. So this act and the perpetrators were already present as traces in the data, but they were not filtered out before, simply because this is difficult. Only with knowing about the act did the connections become recognizable.

No one needs to expect negative consequences from this recording, unless he is massively sticking out. Normal people who surf normal sites have no need to hide anything, because they get filtered out anyway by the scoring, in the state's own interest of not getting personnel flooded with irrelevant data! Committing severe crimes sticks out the most, but that will presumably have consequences anyway. Normally over 90% of all people do not get into this situation anyway, so they are not in any danger. That because all types of breaches of the law get filtered out, which get perpetrated by even only 10% of people, while those perpetrated by 1% are more likely recognized, the safe border is likely around 3%.

Such surveillance is wanted by many, exactly because they feel safer with it, no matter whether cameras recording or net filtering. Laws and budgets for such get enacted, because they are desirable with the majority of the population. This despite officials already drowning in too much data and for years not wanting to have any more! But politicians enact ever more such laws, exactly because they sell well in the fight for votes.

But such web admins regard themselves (and all other people!) as "massively endangered" by this surveillance. Thus they want to exterminate HTTP as a "great danger". They consider HTTPS to be the only salvation from this "danger", because it is closed. By which they are actually implying, that they (and all others!) are surfing extremely questionable web sites, which when filtering for suspicious persons would be discovered, and thus want to hide themselves. Only a large section of admins behaving so disproves this straight conclusion as statistically unrealistic. This is more likely a case of widely spread loss of reality. It comes from them talking each other into believing their fears, outdoing each other with reporting the newest scary imaginations, by now running over years, thus stirring each other up, until today's derailment.

Compare this effect with the once widely spread massive fear of airplane crashes. These are (and were) in reality less dangerous than traveling by car to the airport. One only needs to compare the thousands of air crash deaths per year with the millions of road accident deaths per year, to see the difference. A statistic, which even with fewer people flying than driving still made the former less dangerous. But spectacular reporting of crashes resulted in an actually small danger getting massively overrated, due to the resulting one-sided over-information (all air crashes reported, but only a vanishingly small part of road accidents), which produced an unrealistic perception as larger danger. It took multiple decades until a more realistic view gained acceptance. The same overreaction has been repeated with terrorism. Again only thousands of deaths per year, but reported with just as much spectacle. Here also, after initially large panic, only after over a decade a more realistic view surfaced.

The same applies now with surveillance supposedly being a "great danger". Despite not even any deaths happening, so no spectacle from such! Here, as far as observed, instead of external reporting an internal group dynamic is in effect. This originates from an extremist section of the American civil rights movement. This movement regards itself by principle as potentially being persecuted by the state. They want to prepare, for if or when the state becomes a dictatorship. In the extremist faction this expands into believing, that the state is already today persecuting all. They thus want to defend and fight against it. This section is even inside the movement known as the "lunatic fringe" (which clearly names them for what they are).

The more some web admins got infiltrated by such thinking, the more they have talked to each other and thus confirmed their fears. The social media echo chamber effect taking place. After ever more of them looked out for signs of danger, they have so stirred themselves even further up. The social media filter bubble effect taking place. They have also infected others, so that ever more tipped over and infected others further. Which leads to even multiple effective feedback loops, driving depth and width, deepening and spreading this fear as a viral meme, exponentially driving itself up a spiral of fear, creating an entire subculture of fear. Result is a massively distorted perception of a micro danger, followed by a complete loss of reality, up to developing paranoid insanity.

This is the insight gained from multiple years of discussion with some such web admins and observing how they argue among themselves. This includes hearing their repeated claims that they are not insane, just "paranoid to the proper amount". Which they claim is something good, regarding it as about at the same level as "being cautious". Please ignore, that paranoia is simply a short term for paranoid insanity. Also ignore, that their "proper amount" is offbeat by a damaging amount.

5.2: Overreaction

Such web admins are now totally over-acting, out of fear of this "great danger". This is perhaps comparable to an immune system overreacting in a very clean environment, which leads to allergies. Just here comparable, fear overreacting in a very safe environment, which leads to psychosis. From this they treat this "great danger" as a catastrophic threat, which has got to be prevented, no matter what the consequences are. They therefore want cryptography, to be safe (where in reality they want to get their fears under control).

If this only pertained to their own surf traffic, it would not be a problem. If they operated their personal sites with enforced-HTTPS this would only pose a small problem, because affecting only their sort of people as readers. Everyone shall live with what makes them happy, everyone should be in a position to arrange their life as they want to. Even if this is slinking away and hiding themselves from empty fear. Here the old saying of "live and let live" should apply.

In the meantime however they enforce and propagate enforced-HTTPS also on sites, which are used by people, who are not part of their circle. This becomes a problem, because these other people get locked out, if they do not have HTTPS, or even just have too old a version, for whatever reason. That gives a case of a security measure which creates way more collateral damage than it prevents, because it creates a total loss, despite for most people only preventing an insignificantly small danger.

Which is counterproductive, like so many other security measures in recent times. All too often only the advantage aimed for gets seen, the costs of side effects get ignored or at least are undervalued. That likely because measures which were omitted hit those responsible with accusations or even punishments, but collateral damage "only" hits others, and can simply be passed off as "necessary" with the universal excuse of security. In this it is even irrelevant if the measures actually work, so long as those who otherwise would make accusations believe in them. All of which is not a new insight, but repeated observation with the many security panics of the last decades.

People who deploy such measures, should thus advance cautiously and look out attentively for any problems that they could create. Such a procedure was completely neglected here, those responsible not recognizing, that some people do not want this "security", because they prefer to continue to use HTTP. For which it has to stay open. Everyone should be able to live with what makes them happy, some hidden, some open. Here also applies "live and let live", on both sides. But this is not allowed any more by the web admins using enforced-HTTPS, their "important" measure is forced onto all.

Such web admins could initially have acted out of desire to protect people, but with ignorance of the consequences. Though such consequences could have been prevented with enough caution. But panicked fear produces a feeling of being attacked. This reduces from the intelligent but slow greater brain to the faster reacting but limited reptile brain, which is known as regression. That prevents higher thinking and thus also empathy, suppresses respect for others and any caution coming only from such. Which is also known as "fear eats the soul". This is also seen in any case of discrimination, where fear of a specific group of people leads to "defensive" behaviour, which harms other "similar" but uninvolved people, and also prevents recognition of this error.

But such lack of knowing ended as an explanation, at the latest when they were criticised by the victims, thus the damage became known to them. They should have reacted to that by recognizing the problem and again opening up HTTP. Latest after this problem repeatedly being pointed out, so that being surprised by something new is not limiting their vision. Because this was not done, their "protecting people" reason becomes a lame excuse and no longer usable. Because "protection" which harms more than it protects is no such, and is to be rejected. Here also "live and let live" applies, on both sides.

Such web admins carried on regardless. From their mistaken belief, that this is a "great danger", with the claim that such "justifies" their enforcement. Even after they knew, that they are banishing people from the web. Even after what is happening was explained to them and why that is unavoidably so. Even after they were confronted, that their "great danger" is in reality only a meaningless micro danger. They reacted to the criticism of their behaviour and damage with total rejection.

5.3: Know-alls

From their arguments it quickly became visible, that they "know all". After all they as insiders and professionals have evaluated all which they see. They from that have found the only true solution, all other "must" therefore be "wrong", and is to be rejected. They have this attitude, despite being only a relatively homogenous specific professional group, and as such largely ignorant of all the other 7 billion people with far more diverse life situations, for which other priorities could be better. Especially as they from their "know all" attitude drop any observing and so do not get to gain more knowledge. Such admins still believe, that they know all better than the entire rest of the world, because they after all are insiders and professionals. For real they don't even know how little they know.

(Note: Which is why democracy as its most important elements, together with freedom of opinion and freedom of speech, also contains representation for all. Exactly to prevent such dictatorial behaviour, by creating a state, in which anyone can both know of a life fitting for them, and are also allowed to strive for such. That is the case since centuries, because these are not new insights.)

Since they believe, that from recognizing the "danger" they have achieved the total truth, they know all even better. Their "correct" view must therefore forcibly be implemented. This specifically against those "unreasonable" users, who "endanger" themselves by using HTTP. That because those "unreasonable" users, by criticising something important like security, have clearly demonstrated, that they are "obviously" stupid or insane, are not to be taken seriously. They must therefore have their life determined by the all-knowing, for their own security. Only who recognizes this party line as true, and follows it, gets respected. In reality all typical of behaviour which fits paranoid insanity, which together with know-all has become fanaticism.

Contributing to this is, that many admins have decades of hearing and passing around "dumbest user at hotline" stories behind them. Some of them do not recognize these as the bottom 5% of users, and regard them as representative, ignoring the middle 90% and top 5%. They thus regard themselves as "better" than the entire "stupid users". Such views are not at all seldom. Especially because users usually have less special technical knowledge, which in effect can be confused with being stupid, especially if one is inattentive. From believing, that "stupid users" are the normal case, getting to "stupid people" as root of this "stupidity", and thus the "better ones" "must" make up the users' minds for them, is just a small step on leaving the straight and narrow path.

Some admins even use knowing the damage as threat, instead of for insight, to push through their "go and upgrade" demands. One extremist even went as far as extortion. He explicitly denied an affected user access to information on his communication service, about where the user's group of colleagues newly meet. Despite that he thus loses contact with his colleagues (and they also lose contact with him)!

This is thus not any more a case of ignorance. It is getting continued in full knowledge of its consequences. It is a pure act of inconsideration, coming from their ideological blindness. They believe in having to forcibly bring luck to all with cryptography. Whether this brings them luck, or they go under from the resulting exclusion! All this without any legitimation of their actions, or even just public discussion about it, let alone any agreement regarding this. This just gets dictated by them, self-willed and high-handed, no matter the views of others. The behaviour of fanatics, who become dictators. With this behaviour they have become enemies of a free society.

With which they become similar to comparable types of officials, just (mostly) paid privately not publicly funded, but apart from that the same type of persons, the same behaviour. Absolute power corrupts absolutely. They are even worse than most officials today, because of less public influence from outside on them, which limits their power. They are more comparable to royal officials of 100 to 300 years ago. Both have the mistaken belief, that they as insiders know everything better than the entire rest of the world, thus may dictate to them. This despite for real as one-sided being ignorant. That is pure snobbishness of these "better" ones, although both actually know far less than all other people put together, but they have a power position and exploit it.

5.4: Counterreaction

As stated previously it is not just single web sites that are affected by enforced-HTTPS. In the meantime it is over 90%, by far the majority of them! In 2015 it was just the frustration of not being able to access Wikipedia. In 2016 it was just slightly more. But from 2017 it became ever more web sites, previously used ones which more and more got lost, also an increasing share of search engine results which were rendered unusable, with more frustration. In 2018 it became dominant, way over half of all sites did not work any more, with ever more frustration from this. In 2019 it became over 90%, which has caused massive frustration. In 2020 it became unusable.

In 2017 and 2018 over 90% of addressed admins expressed above reactions to my questions and criticisms! Less than 10% reacted with insight and allowed the use of HTTP again. The large percentage of admins behaving so also disproves the straight conclusion, that all are suffering from paranoia, as statistically unrealistic. For this to be valid, the problem would have had to spread itself epidemically. A certain number of admins may have only thoughtlessly followed a "This is how one does it today" teaching, propagated by above and spread uncritically by some professional authorities.

(Note: One should consider here, that due to the rapid growth of computing, the majority of professionals have below 5 years of job experience. The less experienced regard anyone with only slightly more as an authority. Even the professional press has for decades consistently shown far more interest in showing up what is newly available and how one makes use of it (including what new dangers have appeared and measures how to fend them off), than in questioning and criticising false developments (including questioning the amount of danger and criticising inappropriate measures). Which all favours such spreading.)

The above 90% could therefore be a statistical deviation. My current estimate assumes surely above 10% but below 90% of insane, with the rest thoughtless. Not determinable which type are below or above 50%. (This especially as a large majority of those addressed by me are either members of, or at least in the environment of, a group named CCC, which seems to be the largest distribution vector of the panic in the German-speaking space.)

But no matter which type dominates, the loss of over 90% of web sites is clear. As a consequence of the damage, adding up from ever more loss, we victims are now defending ourselves against this false behaviour of web admins. We demand from all admins, that they shall accept a responsibility fitting for a power position. As part of this they shall respect the freedom of others, and allow all users to decide what they want and need. That includes also accepting, that others may have their own views and are also allowed to live them out. This even if they themselves do not share these. Here also "live and let live" is to be followed.

They should thus continue (or by now rather recommence) offering HTTP, so that the web stays usable (or rather becomes so again) for all. This should actually be natural in a free society. Everyone may do what they want, so long they do not hinder others in doing what they want. The majority of addressed web admins have however become fanatics and fail to accept this. It is thus acceptable for them, to force their views on others from a technical power position. Same also to propagate such behaviour to other admins. They reject also any criticism, because they "know all". This also prevented reaching through them to at least the thoughtless ones with criticism. This problem can thus now only be solved by applying external public pressure. Doing that is the aim of this campaign. It shall show up the deeds being secretly committed, thus building up public pressure, to get these corrected.

5.5: Mailadmins

Above is the situation with enforced-HTTPS on the web. Now the same problem is starting to hit mail, with enforced-TLS. That this could here degenerate just the same, does not require speculation. There already exists a historic case. From 2000 to 2005 an anti-spam filter method called DUL spread among mail admins, up to also over 90% of all mail servers being affected by it, and also with over 90% of all addressed admins rejecting any criticism.

DUL is based on the observation, that most legitimate mails are sent indirectly through an outgoing mail server with static IP address (because Microsoft's widely spread mailers are not capable of sending directly and many others copied this), but many spams are sent directly from PCs using their dynamic IP addresses (because lots of spamware avoids using the outgoing mail servers). This is thus only a statistical correlation, not a causal relationship!

But in the DUL filter "dynamic IP address = spam" is strictly assumed, with the result, that all directly sent mails are considered as spam and get rejected. This often without even transferring their content and testing it for real spamminess, with DUL as the only test criterion, despite it being Broken As Designed (BAD). While with content based filters some legitimate mails perhaps get lost, here for directly sent mails systematic loss is guaranteed! With this communication is not just disturbed, but completely prevented, hitting both the sender and also the receiver.

Such losses are known as "false positives". They appear unavoidably with all techniques, which instead of assessing mail content, are based on network side effects such as IP addresses or host names, which are known as "meta data". They are thus to be avoided, at least if one respects one's users' communication.

But every profession has a worst group. In the entire computing world these are the mail admins. In the best case the majority of DUL admins are so incompetent, that they don't even recognize how they are creating false positives, in the worst case they simply don't care. This insight also from quite a few years of discussions with quite a few of them. They were this consistently for 15(!) years, from 2000 to 2015, when DUL at long last was disposed of. Exactly from 2015 on the enforced-HTTPS web admins have taken over this bottom position.

This causes all who send their mails direct, without detour through an outgoing mail server, annoying work to circumvent it. Some want to use direct sending, because it is the better method, it saves a lot of expenditure and problems. The entire system of outgoing servers, with failures and abuse of such, SMTP auth accounts with passwords to prevent abuse, followed by TLS to secure those. (Which all only became necessary because of Microsoft's defective mailers, where lack of direct sending had to be patched up with this massive technological and administrative expenditure.)

Bonus points, that DUL is a variation of the DNSBL technique. This technique, in the original MAPS version, listed only the static IP addresses of mail servers of known spammers and so blocked mails from these. Spammers answered by abusing open relays. These were misconfigured mail servers, which anyone could use as outgoing, without any authentication, which also allowed spammers to abuse them. Mail admins reacted with ORBS, MAPS extended to open relays. Aim of ORBS was to put their admins under pressure, to configure properly, by blocking mail from all their users as collateral damage. This is strictly a form of coercion, and thus criminal. After reconfiguring they were removed from the list. Just that took way longer than getting put on the list by some activist bent on revenge on "spammers' helpers". This even if no misconfiguration was present! A colleague at an Internet Provider had to cycle his mail server through a block of 10 IP addresses to keep up his users' ability to send mails. (Good luck if you did not have Microsoft, and were capable of sending direct, thus avoiding ORBS.)

Spammers answered by using computer viruses to hijack random computers as relays. Most virus development is financed by spammers, causing all the cost of anti-virus measures. Mail admins reacted with DUL, ORBS extended to random dynamic addresses. It so hit all direct sending users, no matter if correctly configured, and without any removal from list. This is a case of "similar = guilty" thinking, and thus strictly a form of discrimination, even worse criminal. This with the address/address-type of the sender as only criterion, affecting direct senders comparably to using someone's home address as a substitute for race/religion/lifestyle! DUL was already condemned in 1997 by DNSBL inventor MAPS, because of the systematic losses it produces, and MAPS advised against it. Despite this many mail admins in 2000 to 2005 introduced it, until over 90% of all mail servers were affected. Followed by over 90% of these admins rejecting criticism. One notices parallels here.

(Note: Notice here, this problem can only occur in spam filters which run on mail servers. All filters running on your own PC, in a mail reader or anti-virus package, can never have DUL, nor any form of DNSBL, nor anything based on IP addresses, also no enforced-TLS. These filters are based solely on the mail content, words and combinations which suggest spam content. And they use the existing and available computer/tablet/phone processors, instead of loading up expensive server processors. This is anyway the better method, unless the network from server to computer/tablet/phone is very slow or expensive. That stops only few mail admins, from considering their filters as "better" than the PC admins' ones, despite them often using DUL nonsense to save processors. Even more parallels.)

All this was "only" collateral damage from a by design defective method, which was used for cost cutting plus indifference, or simple incompetence. It was not the result of a desire to enforce "only through outgoing", so circumventing this was possible. Also DUL died largely in 2015, at least in its worst "reject without testing content" form, reduced from over 90% to under 10% of all mail servers. With Gmail as first of the large ones already giving up rejecting in 2013, but GMX as last of the large ones still using it in rejecting form in 2023! Partially it is still used next to other mail content based tests. This "only" still results, if influencing the evaluation too strongly, in risk of misclassification and mails landing in spam folder, instead of them being rejected and the manual work of circumventing. But even from this receivers can overlook and lose mails. Gmail is known for this, as seen in 2019 with two different recipients there.
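The difference between DUL as the only test and DUL as one weighted signal next to content tests, as an added example that is not from the original page. The zone name `dul.example`, the address ranges, the phrase weights and the sample mails are all constructed assumptions, and the DNS lookup is replaced by an in-memory table so the code runs offline.

```python
"""Added example: DUL as a hard reject versus DUL as one scored signal."""
import ipaddress
from functools import partial

DUL_ZONE = "dul.example"  # hypothetical DNSBL zone name
# Constructed stand-in for the list contents (documentation address range).
DUL_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed content tests: phrase -> score contribution.
SPAM_PHRASES = {
    "cheap pills": 3.0,
    "act now": 2.0,
    "claim your prize": 3.0,
    "click here": 1.5,
    "winner": 1.5,
}

# Constructed sample mails; "spam" is the ground truth used for evaluation.
MESSAGES = [
    {"id": 1, "ip": "192.0.2.10", "spam": False,
     "body": "Minutes of Tuesday's meeting attached."},
    {"id": 2, "ip": "198.51.100.23", "spam": False,   # direct sender
     "body": "The club meets at 19:00 on Friday, see you there."},
    {"id": 3, "ip": "198.51.100.77", "spam": True,    # hijacked PC
     "body": "Cheap pills, act now! Click here to claim your prize."},
    {"id": 4, "ip": "203.0.113.5", "spam": True,      # spam via a static server
     "body": "You are a winner! Claim your prize, act now."},
    {"id": 5, "ip": "198.51.100.40", "spam": False,   # direct sender, with link
     "body": "Photos from the trip: click here http://example.org/album"},
]


def dnsbl_query_name(ip, zone=DUL_ZONE):
    """Name a DNSBL client looks up: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_in_dul(ip):
    """Offline stand-in for resolving dnsbl_query_name(ip)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DUL_RANGES)


def content_score(body):
    """Sum the weights of all spam phrases found in the mail body."""
    text = body.lower()
    return sum(w for phrase, w in SPAM_PHRASES.items() if phrase in text)


def hard_reject_policy(msg):
    """DUL as only criterion: the body is never looked at."""
    return "reject" if listed_in_dul(msg["ip"]) else "accept"


def scoring_policy(msg, dul_weight=2.0, threshold=5.0):
    """Content tests decide; a DUL listing only adds dul_weight to the score."""
    score = content_score(msg["body"])
    if listed_in_dul(msg["ip"]):
        score += dul_weight
    return "spam-folder" if score >= threshold else "accept"


def evaluate(policy, messages=MESSAGES):
    """Return ids of legitimate mails lost and of spam mails let through."""
    result = {"false_positives": [], "false_negatives": []}
    for msg in messages:
        flagged = policy(msg) != "accept"
        if flagged and not msg["spam"]:
            result["false_positives"].append(msg["id"])
        elif not flagged and msg["spam"]:
            result["false_negatives"].append(msg["id"])
    return result


if __name__ == "__main__":
    print(dnsbl_query_name("198.51.100.23"))
    print("hard reject   :", evaluate(hard_reject_policy))
    print("scored, w=2.0 :", evaluate(scoring_policy))
    print("scored, w=4.0 :", evaluate(partial(scoring_policy, dul_weight=4.0)))
```

With the hard reject both direct senders lose their mail and the spam from the static address still gets through; raising the DUL weight to 4.0 reproduces the "link + DUL" misclassification into the spam folder.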

(In 2019 a slight increase in use of "reject without testing content" is again being observed. At least when I send mails from my phone, although not when sent from home. This includes also Gmail using it there again. This could point to simply using a DUL list without my current home provider in it. On the other hand they also classify some mails from home as spam, as soon as a link is in one! Which would either need an unlikely general "no mails with links" policy, or a link+DUL=spam formula, for which my home provider would have to be in their DUL list. This though rated as lesser, thus only placed in spam folder, contrary to my phone provider, where even without links they are totally rejected. Which suggests them using two separate DUL lists and filters.)

Enforced-TLS makes this far worse. It also kills off all mails without transferring content or looking at it. But it also prevents any form of circumvention because of cryptography. Which even the admin from whom I first heard about it, in 2018, indirectly admitted. After he had heard of techniques to circumvent DUL, he commented, these are not possible because of TLS! He claimed then, that enforced-TLS is today the case everywhere, despite me, as direct sending user, having up to that time neither heard of it, let alone seen it. (I met a first server in 2019, and could promptly not send there any mail, as expected.)

This especially hits people who, because of wanting to avoid cryptography and the unavoidable updates for it, don't use outgoing servers, to avoid SMTP auth accounts with passwords, and the TLS needed because of them. These want to send direct, but enforced-TLS hits them just as damaging as enforced-HTTPS. Thus TLS-less mail should also continue to be offered. (Addendum 2023: I have since not met any more such. Which demonstrates how far above admin's perception deviates from reality. He and above first server admin seem to really be super-extremists.)

(Addendum 2023: Unfortunately the mail situation has not returned to harmless. Mail admins have invented another Broken As Designed IP address based method called SPF. This seems to aim specifically at forcing everyone to use outgoing servers, and even only allows those with IP addresses flagged by the DNS admin of the domain in the user's mail address. This to then use ORBS-like blocking of those servers, with all users with mail addresses in that domain as collateral damage. Of course this completely destroys sending direct to avoid cryptography, thus striking just as bad as enforced-HTTPS or enforced-TLS. In 2023 Gmail has added this, with 100% systematic loss, as first large mail site. Their error message claims, that any mail without such "Authentication" is supposed to be "a danger to Gmail users and also the sender(!)". This demonstrates, that they in their echo chamber of anti-spam activists have become comparably insane and over-reacting as enforced-HTTPS web admins. Some activists are propagating SPF as standard for all to follow, thus creating an exact repeat of the enforced-HTTPS situation with Wikipedia in 2015. Meeting this became the trigger for the entire 2023 addendums.)

6: How realistic are the claimed dangers?

Such web admins give as motive and justification various claims of "great danger". But how realistic are these actually? How much danger threatens really? Is there a real great danger and their measures appropriate? Or is it just an overblown mistaken estimation and their measures inappropriate?

6.1: Fear of spies

They fear, that spying is a danger, from tapping routers and recording web traffic passing through them. It is proven, that this can be done and gets done. But this poses questions: What are the threat scenarios from this? How often are these to be expected? And most importantly, if and when are they even relevant for most users? Doing this is called "threat analysis" and it is the base of any serious selection of security measures.

On one hand spying is done systematically by the state, to record and analyse connections. But this only creates a massive pile of data to filter possible threats from. This for most people is not relevant, because they are not the target of it and as such explicitly get filtered out by the scoring. (Also the state can selectively record specific persons. They can also filter these in more detail, as far less data is accumulated from them. But this only applies to conspicuous minorities, so is also irrelevant for the majority of users.)

On the other hand spying can be done by private persons. Usually by cyber criminals to obtain credit card numbers, or saboteurs to get at account passwords. Such is regarded by real information security people as the far more meaningful problem. But with above web admins this risk practically does not appear next to their fear of the state! This spying can actually hit any random user, but it is not relevant for most normal web sites. It only becomes relevant at special sites, where one uses credit cards in web shops, or edits web sites with an account and password. The latter case is considered by information security people the more significant problem, because of spreading false data in the name of someone else who is trusted. (Also there are unscrupulous competitors, who are engaged in industrial espionage, should one communicate over the web, but also when transmitting mails. But this also only applies to specific minorities, so it is just as irrelevant for the majority.)

Crypto is therefore simply irrelevant for way over 90% of all people in over 90% of their web traffic. There exists therefore no reason, why everyone should only go onto the net with the equivalent of an armoured vehicle, or even such of always newest military grade. Even less justification, to force such onto all users for their "protection". (Far greater danger comes anyway from direct server intrusions to get at data. Or indirectly from client intrusions, including by virus infections, to get at data or passwords. And even more danger from tricking out users with techniques of "social engineering", to get at either. Against which crypto can not work at all.)

Some still feel threatened by this, even with random web traffic, thus want to use cryptography for everything. Despite that cryptography only hides the actual requests, who fetches which specific URL (and possibly any credit card numbers or passwords sent with it). It does not hide the content of the site itself, which is still open to fetch (except from private sites with access only with an account). It also does not hide, who fetches something from which server or how much they fetch, only exactly what gets fetched. It is also partially possible to draw conclusions, from how much data to what data, which is known as "traffic analysis". This is thus usually neither a real danger, nor a complete protection!

Despite all these limits the crypto fanatics treat this as a panacea and reject any criticism. Most likely because getting a grip on their fears demands this, but entertaining arguments endangers that, from which they get even more fear. Thus such web admins think, they "have to" force crypto on all users for all web traffic, to protect them against the "great danger", no matter what the real danger from this is.

6.2: Refusing being "auxiliary"

One web admin went as far as to state, that he "does not want to be an auxiliary in crime" to people "endangering" themselves. Note, that this "endangering" was in the context of read-only access to an event calendar, which is open to all people. In reality he has actively closed down open access, by only allowing HTTPS. Leaving it open would thus not have been an action on his part and so he could not be an auxiliary.

Compare this argument to the following hypothetical case: If securities, because of the "great danger" of security cameras, would demand, that everyone must walk around with their face concealed by mask or veil. Followed by locking the doors to businesses, where they are employed, then only letting in those whose faces are concealed, to enforce this. Thus forbidding all subcultures and professions their desired or even required clothing. Such a ruling would result in massive protests. Even more so, when after a while over 90% of all businesses were affected! If this were followed by them rejecting such protests, with above excuse of "not being an auxiliary" to people "endangering" themselves by not being concealed, it would lead to far more protests. Most likely followed by managers handing out the notice to these securities, given that they did all this self-willed, without an order or even just consent from above, thus damaging the businesses with loss of customers.

(Compare this with the actual situation, where securities more likely demand absence of concealment, so that their cameras are not circumvented. Contrast that with how the enforced-HTTPS web admins would react to comparable prohibitions of crypto.)

6.3: Fear of sabotaging data

Some web admins also fear, that sabotage is a danger, that a "data injection" will be made, thereby falsifying the web traffic. Which means, not being able to trust any more the fetched data. That is claimed by some of them as "actually the larger danger". This however is far more involved, because to do this all traffic would have to be redirected through and modified by a server of the attacker, instead of only grabbing a copy of it. For this one has to intrude into routers to set up the redirection. All that just to falsify data, to so sabotage users.

No state measures exist which do this. Except one is a politically or militarily relevant site, and thus a target of cyber warfare attacks. (And such attacks are more likely server intrusions, or possibly DDoS attacks.)

Apart from such sites only private actions of this type are to be expected. But such a large expenditure can only be justified for very few sites. Users of these are so also only a minority, who anyway need to know the special circumstances of such critical sites and the data there. So again all of this is completely irrelevant for the normal web surfers. This "actually larger danger" is therefore for normal people even less important than spying, just more paranoid insanity in effect.

6.4: Fear of stealing passwords

As a special case of the above, some think they need to act against the danger of falsifying "Edit" links. The aim of such attacks would be with "DNS hijacking" (a small form of "data injection", only redirecting DNS requests, not entire web traffic) to send users to a false server. This server pretends to be the original site, so as to obtain users' passwords and then access to their accounts. This is known as "man-in-the-middle attack" (MitM). Against which cryptography can uncover the false server by comparing signatures.

(Note: Background for those, who ask how signatures work: The browser generates a random number, encrypts this with the server's public key, the server decrypts with its private key and sends the number back as proof of having this one. In reverse, the same signature-comparing crypto can also be used for authentication instead of passwords, with the server encrypting a random number with the stored public key of the allowed user; the browser decrypts it with the private key and sends the number as proof, thus making passwords superfluous.)
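The exchange from the note above, as an added example that is not code from the original page: textbook RSA on constructed toy primes, without the padding and certificate checks that real TLS uses. It assumes the verifier already holds the genuine public key; all function and key names are hypothetical.

```python
import secrets

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for textbook RSA from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def make_challenge(public):
    """Verifier: pick a random number and encrypt it with the public key."""
    n, e = public
    number = secrets.randbelow(n - 2) + 2
    return number, pow(number, e, n)


def answer(private, ciphertext):
    """Prover: decrypt with the private key and send the number back."""
    n, d = private
    return pow(ciphertext, d, n)


def holds_key(expected_public, prover_private):
    """Run one exchange; True only if the prover owns the matching key."""
    number, ciphertext = make_challenge(expected_public)
    return answer(prover_private, ciphertext) == number


# Constructed toy keys built from known Mersenne primes (not for real use).
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
FALSE_PUB, FALSE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # false server
USER_PUB, USER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)

if __name__ == "__main__":
    # Browser checks the server: the genuine one passes, the false one fails.
    print("genuine server:", holds_key(SERVER_PUB, SERVER_PRIV))
    print("false server:  ", holds_key(SERVER_PUB, FALSE_PRIV))
    # Reversed roles: the server checks the user instead of asking a password.
    print("allowed user:  ", holds_key(USER_PUB, USER_PRIV))
    print("someone else:  ", holds_key(USER_PUB, FALSE_PRIV))
```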

From this the perpetrators practically only get single user-IDs, for sabotaging these users and their readers. This is again only a very small danger, because the expenditure for it is seldom justified. Once again only single exposed users of special sites are endangered by such sabotage. All users should thus be allowed to judge their own risk and compare it with the costs of protecting against such. Especially should the latter cost them all access. Or even worse cost random surfers who are just reading access. (Here "social engineering" is a greater danger, because it is far easier, eliciting passwords with fabricated mails containing camouflaged links to the server of the attacker, which is known as "phishing". Against which crypto can not work at all.)

Further this can be secured by correct design of the site, with simply offering selective "Edit" links. Either only those who read with HTTPS get to see an "Edit" link, or better still with HTTP a deactivated one. Same applies also to "Login" boxes. Add to this a "Secure" link, which leads to the HTTPS version. (And in this one, sensibly at the same spot, a "Non-Secure" Link back to HTTP.) Only reading of the site can thus always also stay open with HTTP. Even adding of comments without account can be done by HTTP.

Comparable design can even be applied by Webshops for credit cards. Link to order form only active if HTTPS is used. With the rest of the site only as catalogue also staying readable by HTTP. Or even allow orders with payment by bill, only link to the credit card form deactivated.

(Note: This even more so, when one considers how much credit cards are fundamentally unsafe. Technically they amount to fitting one's bank account with a number lock, then writing down its number on the card (which when writing down passwords is regarded as a security violation!), followed by telling the number to everyone that one is paying (which with telling passwords is even regarded as grave security violation!). There is always danger of abuse on the part of the site operator or their staff. And if permanently stored on the site, also danger from intrusions into the web shop server (which is the main reason for such!). HTTPS actually only secures this already unsafe process against eavesdroppers during transmission.)

(Note 2: Better would therefore be to replace the use of credit cards with delivery with a bill to pay. A method that has worked flawlessly for over 100 years, as used by mail order firms with catalogue plus telephone. Or at least with reserving goods and delivery only after payment by bank transfer. For which a special E-Banking device is sufficient, issued by one's bank (and updated at their cost!). This can use WLAN directly, and is so independent of computer/tablet/phone. To use it insert customer card and enter PIN, same as at an ATM or credit card terminal. Or one could simply go without such a device to one's bank's own ATMs, which would have to be extended for this. Or if both do not fit, also the bank's E-Banking website, where enforced-HTTPS is acceptable, next to the other alternatives. All three variants are way safer than anything involving credit cards.)

(Note 3: The banks have apparently meanwhile got enough of misused credit card numbers. Ever more now demand confirmation of every transaction, by TAN query in phone app or via SMS. This converts the credit card from "password" to only "account-ID". This makes HTTPS increasingly irrelevant even for E-Banking and E-Commerce.)

Such an above "Secure" link can also be combined with setting an HSTS entry, which tells the browser, that a site once visited with HTTPS shall always be visited with this. Even if it gets a HTTP URL to the site and there is no HTTPS Redirect. Because with HSTS a supporting browser itself makes an internal redirect, but those without it stay with HTTP, the best for both sides! (With a "Non-Secure" link the HSTS entry has first to be cleared, before going back to HTTP.) With this clicking on the "Secure" link in the HTTP version is only required once. There so remains an identical minimal danger as with an initial Redirect. After that the site offers the same comfort, going direct to HTTPS, without first clicking on "Secure". It is then even still possible to place HTTP links, so that HTTP users do not keep on landing on HTTPS, which does not work for them, and repeatedly having to delete the extra "s". Search engines can then even be redirected to HTTP, so that they always offer HTTP links.
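The selective design described above (a deactivated "Edit" on HTTP, a "Secure" link, HSTS set over HTTPS and cleared by the "Non-Secure" link), as an added example that is not code from the original page: a small WSGI handler. The host name, paths and page contents are assumptions, authentication is left out, and the handler also refuses edit requests over HTTP on the server side, since a deactivated link alone does not stop a hand-typed request.

```python
from html import escape
from urllib.parse import parse_qs, quote

HOST = "www.example.org"   # assumed host name, not from the page
PAGES = {"/": "Welcome", "/calendar": "Event calendar"}  # constructed content
SENSITIVE = {"/edit"}      # a /login handler would be listed here as well
HTML = ("Content-Type", "text/html; charset=utf-8")
# RFC 6797: browsers honour this header only on HTTPS responses.
HSTS_SET = ("Strict-Transport-Security", "max-age=31536000")
HSTS_CLEAR = ("Strict-Transport-Security", "max-age=0")  # forget the entry


def local_page(query):
    """Return the ?to= target only if it names one of our own pages."""
    target = parse_qs(query).get("to", ["/"])[0]
    return target if target in PAGES else "/"


def render(path, secure):
    """Page body whose Edit and Secure/Non-Secure links depend on the scheme."""
    to = quote(path, safe="/")
    if secure:
        edit = f'<a href="/edit?to={to}">Edit</a>'
        switch = f'<a href="/non-secure?to={to}">Non-Secure</a>'
    else:
        # Deactivated on HTTP: plain text without href or form.
        edit = "<span>Edit (HTTPS only)</span>"
        switch = f'<a href="https://{HOST}{to}">Secure</a>'
    return f"<h1>{escape(PAGES[path])}</h1><p>{edit} | {switch}</p>"


def handle(scheme, method, path, query="", form=None):
    """Apply the policy to one request; returns (status, headers, body)."""
    secure = scheme == "https"
    target = local_page(query)
    to = quote(target, safe="/")

    if path in SENSITIVE:
        if not secure:
            # Enforced on the server too, not only by hiding the link.
            link = f'<a href="https://{HOST}{to}">Secure</a>'
            return "403 Forbidden", [HTML], f"<p>Editing needs {link}.</p>"
        if method == "POST":
            PAGES[target] = (form or {}).get("title", PAGES[target])
            return "303 See Other", [HTML, HSTS_SET, ("Location", target)], ""
        box = (f'<form method="post" action="/edit?to={to}">'
               f'<input name="title" value="{escape(PAGES[target])}">'
               "<button>Save</button></form>")
        return "200 OK", [HTML, HSTS_SET], box

    if path == "/non-secure" and secure:
        # Clear the stored HSTS entry first, then offer the HTTP link;
        # otherwise the browser would rewrite that link back to HTTPS.
        link = f'<a href="http://{HOST}{to}">Continue with HTTP</a>'
        return "200 OK", [HTML, HSTS_CLEAR], f"<p>{link}</p>"

    if path in PAGES:
        headers = [HTML, HSTS_SET] if secure else [HTML]
        return "200 OK", headers, render(path, secure)
    return "404 Not Found", [HTML], "<p>Not found.</p>"


def app(environ, start_response):
    """WSGI entry point; assumes wsgi.url_scheme reflects the real scheme."""
    form = None
    if environ["REQUEST_METHOD"] == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        raw = environ["wsgi.input"].read(size).decode("utf-8", "replace")
        form = {key: values[0] for key, values in parse_qs(raw).items()}
    status, headers, body = handle(
        environ["wsgi.url_scheme"], environ["REQUEST_METHOD"],
        environ.get("PATH_INFO", "/"), environ.get("QUERY_STRING", ""), form)
    start_response(status, headers)
    return [body.encode("utf-8")]
```

Behind a TLS-terminating proxy the scheme has to come from the proxy instead of `wsgi.url_scheme`, or every request looks like HTTP.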

The web admin with the above "Edit" link falsifying argument exited the discussion, after I had described this, without commenting on it. Most likely because he noticed, that this would work well, but did not want to accept and admit the consequences of it. This is typical of the behaviour of such fanatics: As soon as they notice, that they can not justify their measures, after a sensible compromise has been shown, which would require acceptance of others, they just run away instead of admitting their errors. Most likely, because they are trying to justify a politically motivated "all with crypto" aim with trumped up pseudo-technical arguments and collapse as soon as these fail real-technical criteria.

6.5: Abuse for smoke screen

The argument of a further fanatic was, that if only the endangered use cryptography, this would stand out and thus danger exists for them. This "justifies" getting all others to use crypto, so that they can hide themselves behind the resulting smoke screen. With this reasoning, he did not worry about the expenditure of or even damage to others, who gain nothing from this smoke screen. They shall simply sacrifice themselves, because he and others like him need it for their "protection" (or in reality to reduce their fears). But dumping the costs onto others, for one's own profit, even more without their consent, is antisocial behaviour.

Add to this that most people for e-mail have rejected "all have to use crypto" by not doing it. Simply because they did not want the expenditure of it. That would most likely also be the case on the web, but the Redirect simply does it automatically. Reason behind both is because they simply have no interest in something so unimportant to them. Which would most likely also be the case on the web, if it required expenditure.

Open remains whether some, even without any expenditure, would explicitly reject using crypto. This because they do not want to create such a smoke screen, neither in e-mail nor on the web! Especially those who regard surveillance as good, would consciously decide against creating a smoke screen. The political success of surveillance measures points more likely in direction of wanting them and thus rejecting such smoke screen. Where there were public ballots on such laws, the results went in this direction. This public opinion is getting circumvented by underhanded Redirects. All this without discussion or consent or legitimation, or rather contrary to what is known of discussion and consent! Here we can also expect large dismay and protests, as soon as this sabotage becomes known, how they with manipulating browsers have unnoticed abused others data traffic.

6.6: Where acceptable and where not

Cryptography may be sensible or even necessary for special cases. Such as by the state for diplomatic exchange and spying and military. In some firms for keeping secrets from their competitors. For some people who are editing web sites. At web shops if they use credit cards without confirming a query. But these are only minorities or special situations, which from their specific priorities can justify the expenditure, of frequent updates or even upgrades or replacement. For general net usage by normal people cryptography and so also HTTPS is unsuitable and unnecessary.

Only place where enforced-HTTPS is acceptable, would be where other people are really endangered. Such as admin access, where the integrity of an entire site and all its users could become affected. Or at private sites where everyone needs an account, because otherwise internal data could leak out through compromised user accounts.

It becomes mostly irrelevant, where random people can have an account, and only their own data could be endangered. It becomes totally unacceptable where random account-less visitors are only reading a site. (To be avoided is thus, to demand an account just for normal reading. Same applies also for setting preferences, given that cookies suffice for this. Even for publishing data a tripcode can suffice.)

Borderline is editing wikis. Which could lead to damage of shared data. But this is simply correctable by going back to the old version, because wikis were once designed for account-less editing, therefore such should be possible. Possibly with moderation of such edits by people with an account (should damage there happen too often), or edits only with an account (where too much consecutive damage of an uncorrected edit can happen).

Furthermore it is acceptable with credit cards, where preventing access stands against preventing expensive accidents. (In this case better would though be anyway to get sent a bill to pay, instead of using a credit card, so eliminating credit cards and their misdesign entirely. Or at least secure these with TAN query, which banks are enforcing anyway, and thus eliminate the need for HTTPS.)

(Same also applies to enforced-TLS in mails: Acceptable where accounts are secured, so that outgoing mail servers do not become misused as relays, which can lead to ORBS blockages against them, and thus a real danger that users of them can not send mails any more. Or private mail groups, where internal addresses could leak out. It is totally unacceptable, where random account-less visitors are only sending mails to known addresses on a mail server. (Better here would anyway be to send direct instead of using an outgoing mail server. Thus no danger of blockages and no need for an account nor password nor TLS.))

Consider here further everything about net neutrality. This applies just as much to servers as to routers. Both net and servers are bases for the data traffic user - PC - net - server - net - PC - user. Both must be reliable, so that one can rely on them. Therefore servers should be just as neutral as routers, transfer data without imposing themselves. (This also no matter if web server or mail server or other servers.)

7: How can one proceed against this situation?

It is now clear, that enforced-HTTPS hits many victims. Also, that cryptography and HTTPS are actually completely unnecessary for a large majority (over 90%) of normal people's general (over 90%) net usage. Enforcing usage for all is thus unacceptable. Which now poses the question, how to proceed against the web admins using enforced-HTTPS?

7.1: Plan A

First there was Plan A. This consisted of making such web admins aware, that they are harming others and to ask them to stop doing this. Locally accessible ones first, through them all those they know and so on until all of them know of the problem and correct it. At this time it was still open, whether they were only doing this unknowingly. Some of them were informed of the problems that they had created, for about 2 years, in 2017 and 2018.

Over 90% of the addressed admins rejected any criticism and continued as before. They also did not help to spread information about the problem. They all received an offer, to go back to "live and let live" as it once was. They rejected this. This because the questioned admins largely showed themselves to be know-alls and fanatics. Plan A has failed and can thus be regarded as dead.

Rejecting criticism included above "go and upgrade" web admin who used extortion, or else lose a circle of colleagues. Arguments that he is repressing freedom, he rejected with the claim, the critics are also not purveyors of freedom! He rejected our demand of freedom (to be able to use HTTP), with the reasoning that we also do not respect his freedom (to on his server allow only HTTPS, thus though preventing HTTP). In this he ignores, that there exist two types of freedom:

On the one hand meaningful freedom, to live as one wants. This applies to them, hiding themselves and for this using crypto. It also applies to us, using old things and thus avoiding crypto. On the other hand dictatorial "freedom", to prescribe to others how they should live (no matter whether deliberately prohibiting something or only knowingly preventing it). Which collides with the first freedom. His idea of such "freedom" would be equivalent to the state prohibiting him the use of HTTPS, followed by rejecting criticism of this by presenting that as their "freedom". His excuse of protecting people, can be used just the same by the state. Those who reject such a prohibition should also reject his lame excuse. A colleague who is also admin, and offers the choice of HTTP or HTTPS, has rated this admin's point of view as "very off the mark". (One should note here also the saying of "The Freedom to move one's fist ends there where someone else's nose begins". The Freedom to configure one's server ends just the same, there where someone else's entire lifestyle gets hit.)

His further excuse of "It is my server, I am allowed to do there what I want" is also to be rejected. In this he ignores, that since he offered his server to the public as a service for their communications, and not only publishes there himself, he has given them an implicit promise, to operate it such, that his offer is being fulfilled. In particular he has given all those publishing by him a promise, to deliver their information to all interested readers. This applies to the public in general, no matter who they are, no matter what they use. (An exception would only be, if he gave an explicit offer of only publishing to crypto users, he would then not only be allowed to deliver exclusively to these, but also be obliged to do so.)

His rejecting criticism also included above statement of not being an "auxiliary" to people who "endanger" themselves. This led to an extreme case, of another web admin's explicit statement of "HTTP is dangerous, it has got to be exterminated!". He claimed also, that enforced-HTTPS is standard today, therefore everyone has got to upgrade, so there is no requirement for offering HTTP any more. In that this one ignores, that the criticism comes exactly from those people who do not want to or even can not upgrade.

This admin even insinuated, that the critics possibly have illegal intents. That despite that they repeatedly brought up multiple of the above legitimate reasons, which he though rejected as "no real reasons", and then because of "none given" speculated on illegal ones! Bonus points, because of the contrast with adversaries of crypto usually accusing users of crypto of hiding illegal doings. But even such glaringly erroneous contradiction arises automatically, after they have rejected all arguments as "false", because of a mental blind spot, caused by their fear, thus treat the result as if "there are none". After this they invent some, turning adversaries of enforcement into adversaries of crypto. (After the first publishing of this text a common reaction of such people was, according to observation of a second colleague, to claim, that "no arguments are to be found in it"! That says quite a lot about the blindness of these people.)

Maybe they also don't even manage to notice the difference, because they have so much fear, that they perceive any criticism as an "attack". After all this is a known behaviour of paranoid insanity, to have a "for us or against us" mentality, which regards all who are not part of their party as adversaries. This results in an incapability to distinguish, between neutrals who are only complaining about inflicted collateral damage, and real adversaries who are pursuing them. Including failing to understand the sentence "Crypto is not necessary" as was intended as "Not everyone needs crypto", instead misunderstanding it as "You shall not use Crypto". As I have observed multiple times.

From observing this discussion, a third colleague came to the conclusion, that "crypto seems to have become a holy cow, which may not be questioned". I came from reading this to the conclusion, that these web admins actually have become security fundamentalists. Just instead of religious fundamentalists going from believing in their view of god as despot, to dogmatic dictatorship of their laws, here going from believing in their view of the state as a danger, to dogmatic dictatorship of their crypto. I came also to the conclusion, that their behaviour actually is that typical of moral guardians. Just instead of from fear of god, a no-sex teaching and demands for prudery legally enforced, here from fear of the state, a must-crypto teaching and demands for updates technically enforced.

Bonus points for above extremist using extortion, who forces such moral teaching via a position of technical power onto others, but then condemned the use of social pressure by victims defending themselves, after they made public his acts! When I pointed out this contradiction, he simply left the discussion, instead of admitting his error. Again the typical behaviour.

One can only deduce from all this, that these admins want to have it exactly how it currently is. They have the power position to enforce this, and assume they have not to consider anyone else. So they lead an extermination war against HTTP users, and the uninvolved victims get ignored.

They also believe, they can afford to reject entertaining any arguments. They only discuss, as long as they believe they are able to push through their position. But when they lose a discussion, they simply exit and run away. Repeatedly observed behaviour. Exactly the behaviour of propagandists, who want to justify their form of dictatorship, but do not discuss constructively. Most likely because fanaticism does not allow any compromise, so also does not want to help in constructing any.

It is though also the behaviour of people, whose feelings of guilt have been awoken, who then deny themselves, from fear of having to face their fears. And also the behaviour of cowards, who do not engage in an honest battle, prefer to hide themselves and strike from hiding. Which all also fits with their overblown fear and the regression from it.

Ultimately the entire dispute amounted to value systems, which totally collide. They "must" protect people, letting those "endanger" themselves is unacceptable. After all they are followers of the "only true" security of HTTPS, thus rejecting any "heretical" openness of HTTP. But others require HTTP for its openness, demand tolerance of it, rejecting this with enforced-HTTPS is unacceptable. Between their politically "necessary" closedness and others technically necessary openness no compromise can be found. Which is why this conflict will only be solvable by rendering them harmless.

(Note: Parallels of these web admins to the DUL mail admins became visible: Those were for more than 10 years informed about its damage, that because of DUL legitimate mails are systematically going lost as "spam". By which both the senders who send direct lose, as do also the receivers on their servers. Such disputes resulted also over 90% in rejection and demands, that users "should go and adapt themselves". Even just allowing receivers, who recognize their loss, to switch off such defective filters on their mailboxes, was denied. "Reject without testing content" DUL applies to all, no matter the damage. Same as enforced-HTTPS applies to all, no matter the damage. Comparable was also the "we know it all" snobbishness of the mail admins. The difference was only, that DUL was circumventable, even if with annoying work. Which is why that did not result in a campaign like this one. (Which though now is being made up for, utilising this occasion.) Why also the similarity with the web admins quickly became obvious, and Plan A already given up after 2 years of 2017 and 2018. Followed by in 2019 developing Plan B and from 2020 spreading it.)

7.2: Plan B

Thus comes Plan B. This consists of reaching out to the general public, to collect up decent people, with the aim of through many of them exerting social pressure on the wayward web admins. As a first step inform the various victims, who often do not recognize what is happening to them. As a second step enlist various sympathisers, from those people who are against fanaticism. For this aim at the large masses in the middle, which usually reject extremists. From these build up an alliance of the open, to defend against enforced-HTTPS.

In this especially aim for people, who are in a position to push through an opening up. Such as web site owners, who have acquired such admins as staff, are being deceived and sabotaged by them. One can thus counter the admins technical power position with a commercial power position, where they must show consideration, because of their income depending on it. They can then only reform themselves or leave. Whichever of these, they will not be doing any more damage, so have been rendered harmless.

For this spread information regarding the hidden deeds of these admins. In particular describe their effect on their victims, to thus show why it is so unacceptable. At the same time also distribute arguments against their views and statements. In particular show how their dictatorship stands against freedom. For this exists this campaign and web site.

This all sounds in some respects like a bad dystopian future SciFi film, with a totally overblown situation and storyline. It is not however a speculative invention, but the actual situation of today's Internet, with real victims, who in the meantime are suffering massively, because paranoid insanity and thoughtlessness have struck. The greatest difficulty will be, to convince people, that such is really happening, that the Brave new World of the Internet is for the first time showing large cracks, which no one is expecting, because of no visibility. But here a new group of powerful bureaucrats has come into existence upon which people are by now dependent. But some/many of these lack a fitting responsibility in handling a power position and also lack the ability to handle criticism.

The tests further down exist, so that one can determine where and how much this really is the case. One can also expect, that at least the group of fanatics will completely make an exhibition of themselves, when confronted with criticism, as they have already repeatedly demonstrated. This because of being incapable of accepting such. They can after all not accept anything, which runs counter to their views, so can not take it up, nor take into account the consequences of it. Which is also why they do not notice how much they are shooting themselves in their own foot. (The merely thoughtless admins will in comparison just be totally confused, because they, lacking observance, have up to now not noticed anything.)

7.3: Base

Thus the fight for liberation commences. Aim is, we want to return to the open Internet, as it was until 2015, before the enforced-HTTPS web admins arose. Basis of the Internet, as world-wide medium, can only be tolerance and openness, because only so can everyone world-wide take part.

Basic here is, that there only exist two ways in life, friendship and cooperation, or enmity and fighting. Friendship avoids losses and suffering, is therefore to be preferred where possible. This leads to the known approach of "live and let live", and so to tolerance. From this arises civilisation and so a living better than in barbarism. This leads to the evolution of cooperation, and that to respect towards others. Central rule of civilisation is "treat others the way you want to be treated by them". Even sufficiently intelligent egoists recognize, that such behaviour is in their own long-term interest, because it saves more on avoided losses, than it costs in forgone profits.

This requires however, that both sides take part, both recognize this precondition and respect each other. Where one side does not take part, the second side must also forgo it. Otherwise they are left with the costs of forgoing and despite these also losses from the other, up to being destroyed. This they want to prevent. Which leads to the well-known attitude of "be tolerant with all except with intolerance". From this follows acting selectively. Central rule against barbarians is "treat them the way they treated you." Only insufficiently intelligent egoists fail at recognizing the consequences, destroy inconsiderately and get destroyed. This also applies to all those, who mentally blinded by panicked fear have become selectively stupid.

When only one side thus steps out of line, conflict and enmity arise, which has now happened here. The attacked can only choose between giving up or defending themselves, whichever leads to less loss. Without a fight the result here is guaranteed going under. The attacked do not want this, need open Internet, but are not getting such from the dictators. Their fanaticism destroys, because it can not be tolerant. It has therefore got to be eradicated, same as any other barbarism. It offers no mercy, so it also earns none. Resistance is thus unavoidable, fight of liberation to stop the disturbance, after which peace will only once again be possible.

For this the resistance can only use what has remained usable. A further limit can still come from, how far one is prepared to go to achieve one's goal. Some are not prepared to fight, because using force is "bad", but such leads to going under. Some tip towards the other side and then become unlimitedly aggressive, which also harms. And the latter scare off the former, making it even worse. Strategy should be therefore to proceed selectively, with force against attackers, but none against others.

Extending above friendship and cooperation or enmity and fighting, from binary "either/or" to analogue "as far as the attacker went", allows quite a bit. With attackers who went up to guaranteed throwing out of the web, including pushing to the side of society, unless one can and wants to update, this justifies defence going up to threatening with loss of their jobs, unless they recognize and accept tolerance.

As in any fight this will cost losses, on both sides, but that is for the attacked less bad than going under without defensive fight. This is why barbarism is bad, because it only leaves bad or worse as a choice. One should therefore avoid thoughtlessly starting a fight. But when one has to do with fanatics who attack, one has no other choice than to take the lesser evil. Only from this there still exists war, despite the majority not wanting it any more, because stupid perpetrators of violence fail to recognize this. (Which is why the circumventable DUL mail admins did not trigger a campaign like this, only the enforced HTTPS web admins made such necessary.)

We are thus now organising an alliance, to build up public pressure on the fallible web admins. This by informing their employers, showing them their losses of readers and potential customers. (Also with DUL mail admins their losses of senders and potential customers.) After which these will, from their own interest, help us against a common target. With this we can render both fanatics and thoughtless harmless, no matter if by informing the latter, or reforming or simply eliminating the former.

7.4: Targets

Not all web admins have become bad. Some are open. But the large majority of web sites are by now closed against HTTP. When one looks closer, mainly various small personal sites are more likely open, with their many small admins, but large Web 2.0 platforms are nearly completely closed, with their professional admins. Thus in the range of 10 to 30% of web admins are good, but way over 90% of professionals are infected, have either become fanatic or only followed along thoughtlessly. We want to respect the good ones as friends, only proceed against the bad ones as enemies. The tests further down can also be used to recognize who is friend or enemy.

Aim is not to destroy the enemies, but just to render them harmless. Aim is not revenge, but defense to end their attack. For this one only needs to destroy the paranoid insanity or the false teaching, which has overtaken them, thus free them from these.

To achieve that, one can by spreading knowledge bring some to insight and turn them around. This works especially with those, who only acted thoughtlessly, followed a "This is how one does it today" teaching, but now recognize its fallacy. Perhaps even some, who believed in it, but after seeing the damage caused recognise and turn around. Which is why we are informing all, to reform them where possible.

Only those who are too corrupted and thus refuse to recognize, should then be removed. Possibly confrontation of being given notice will bring some of them to their senses. Be that only after experiencing a repeat at a new job. Or even multiple times. Or even, after the problem becomes widely known, already failing whilst looking for a new job. Or even this also repeatedly.

Some remnant of unsavable broken fanatics is to be expected. Those who even after not finding a job any more, do not want to give up, despite destroying themselves. Some extreme fanatics will regard themselves as unjustly persecuted "holy" saviours of the world, who will never capitulate before the "evil" openness, preferring to sacrifice themselves in a fight against it, until they lay destroyed on the ground.

No matter which happens, reforming or eliminating, the latter temporary or permanent, or whatever else they need specifically, the target aimed for can be reached in any case, that the web becomes again usable for all, no matter what those can or want to use for this.

Advancing is thus selective, against all who on their sites use an enforced-HTTPS Redirect. They will be though forgiven, as soon as they see reason, become repentant and open up by allowing HTTP again. This as permanent offer of peace, open to all who turn around, stop their attack, with then again living in friendship as better situation becoming possible, instead of continuing in enmity. Here also applies back to "live and let live", better late than not at all. With this we offer all an escape from conflict, as soon as they stop attacking. The tests further down can also be used to recognize who has changed sides, or was simply replaced.

The target is reached, when the situation has been reversed, enforced-HTTPS has fallen from above 90% to below 10%. (Same as happened with DUL in 2015.) The measure used is, when an average search engine request brings this share of HTTP links, which also function as such, according to the Telnet Test further down.

7.5: Methods

Decisive here is to know the adversary! Know and avoid their strengths otherwise one loses. Know and exploit their weaknesses otherwise one fails. Herein is important, that the fanatics above everything are massively scared. With this they have made themselves selectively stupid, now have panicked, have no defence against fear, picked up ever more of it. Driven by this they spread fear among each other, stirring each other up. For this they exploited latent "bad state" sentiments, and so were able to collect some sympathies, even if they are just a bunch of insane. Add to these all the uncritical professional authorities and those thoughtlessly following them.

From this unrealistic fear came their attack against completely uninvolved web users. These, having become victims, are now defending themselves and want to reverse this situation. We can for this show up the fanatics as the real "bad attackers" and the thoughtless followers as ignoramuses. This will end whatever sympathy for them that exists. Thus the crypto fanatics will fall, from having a bit of sympathy to their victims gaining far more of it, the situation becomes reversed.

For this we can exploit, that they inside their group have mainly scared each other. The external world has received little of this, has not become infected by their fears, has not become prejudiced by this, is only unknowing. Thus we can now aim at informing externals, so build up resistance on neutral ground. This campaign is thus consciously aimed at the general public, not at professional people, of which many have failed. The fallible web admins will thus get discredited, when their behaviour and statements are laid open, followed by getting confirmed by collisions with the fanatic section of them.

Against this procedure they have no defence. As a movement they have no coherency, can not recognize and revise their errors. This because they in the end have the same progression as a horde of zombies, just that they are infected by fears instead of bites. They have no ability to take in criticism, when they meet such. This combined with running away, after losing an argument, leads to no feedback into their echo chamber. That prevents them from, in their own interest, warning others on their own side. They from this have no contingency planning, can not now make an ordered retreat, neither a tactical one, nor an advisable strategic one.

This is also most likely why Plan A failed, because of the fanatics' incapability of communication, both externally as also internally! Thus remained only their propaganda, built up over years, whilst the complaints of the victims went unheard. So the thoughtless were not warned either, which would have partially defused the situation. Thus comes now Plan B, with all of its consequences for them.

The resistance will now proceed planned and organised. It only has to catch up with them. For this to succeed, it just needs to inform the large masses of decent but unknowing people, so get them to act against the fallible web admins. This including informing the mostly also decent web content producers, since these also belong to the losers. Some of whom also directly or indirectly employ and pay the web admins, for this expect fully functional servers. This employment can now be utilised, to reform the admins or simply to eliminate them.

Without coherency they have no chance to develop an own Plan B. Which is why it is just a question of time, until we will have caught up with and overwhelmed them. For this to occur I expect, due to the messed-up situation, which has about 5 years of development behind it, a comparable 5 years. More precisely: following their trigger Snowden in 2013, from the first large web sites affected in 2015, to arriving at 90% in 2018, I expect here my trigger in 2020, from first large successes in 2022, to arriving at 90% in 2025.

(Addendum 2023: But then, just as I was ready to in 2020 commence with spreading, Corona intervened and dominated society and press for years. After that was over, the rest of 2022 and early 2023 were filled with personal problems. Mid 2023 the SPF security overreaction from mail admins is striking, ideal timing to pursue this again, given that both come from the same admin misthinking.)

8: How does one test for affected sites?

Now that the process is known, selectively aimed against some failed web admins, many will want to know exactly which web sites are affected, which web admins are behind them, and are thus to be targeted. In particular find out if one's own site is affected, and if one's own admin is to be targeted! There exist various methods, that can be used, to find out if a specific site uses enforced-HTTPS. These methods range from simple but imprecise to exact but involved. Here they are sorted by how involved they are to use.

8.1: Browser

The easiest but also the most problematic is explicitly typing an HTTP URL into any browser, or modifying a present URL from https:// to http://. Should then a page appear and HTTP stays displayed, thus no Redirect back to HTTPS took place, the site is proven open. End of test.

But the reverse can be misleading! Even without a Redirect the browser itself can return to HTTPS, because of an HSTS entry set, especially when modifying from https:// to http://. Against this effect one can only use a guaranteed unused browser, or at least one that by guarantee was never used on this specific site, in particular also not by modifying https:// to http://! This is simple to do, but it remains uncertain, whether the browser really is unused.

8.2: Telnet

Only the Telnet test is really safe. Thus it applies to determining if the target of getting enforced-HTTPS web sites to below 10% is achieved. But it is also by far the most involved, both in understanding and also in applying it. Possibly one will have to ask for help, from a computer expert one trusts and who hopefully comprehends the following.

For this one needs a program, which can use the Telnet protocol (an old remote login method). Such a program may have the name "Terminal" or some variant on this. In this program one must enter as Host or Server the name of the website (that which is in the URL after the http:// but before the third /). As port enter 80 (HTTP web traffic). If the program has an option for automatically closing or remaining open after connection ends, the latter is to be selected.

After connecting there is no output from the server (but the Telnet program may add some of its own). One can then manually type the HTTP protocol (the dialog that browsers use to order specific pages from web servers). In that simply enter the line "GET / HTTP/1.0" (all between the "", but without these, there are spaces before and after the first /, but not before or after the second) and then Return. Followed by the line "Host: <WebSiteName>" (again without the "" and with <WebSiteName> replaced by the same name used above at Host, with space after the : but not before) and then a second Return. This is followed by an empty line, by just a third Return. The web site name is thus needed twice, the first tells Telnet to which server to go, the second tells the server which web site one wants from it. (A browser does both automatically, but Telnet makes no such assumptions.)

What follows after this input is the server's output, something that can scroll by for quite a long time with a larger home page. This is followed by automatically closing the connection, therefore if possible select the above remaining open option. After scrolling back up to the top of this output, one can evaluate its beginning. More precisely, evaluate the first block of lines, those before the first empty line, these being the server's answer (with all that comes after the empty line being the actual page content). If the first line is "HTTP/1.1 200 OK" (or with 1.0 instead of 1.1) this is provenly an open server, which has just given a valid page (the possibly large jumble of data after the blank line).

Should it have "HTTP/1.1 301 Moved Permanently", one has to further evaluate the short rest of the first (and only) block. Important for this is the line which begins with "Location: ". If this, despite ordering HTTP by using port 80, has a https:// URL to the same server in it, then the server is provenly closed. Because that is the underhanded Redirect of enforced-HTTPS, for detouring to HTTPS!
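The evaluation described in 8.2, as an added example in Python that is not part of the original text: it builds the three typed lines and judges the first block of the server's answer. The sample replies and example.org are constructed; treating 302, 303, 307 and 308 like 301, and a leading "www." as the same server, are assumptions that go beyond the text.

```python
import socket
import sys
from urllib.parse import urlsplit

# The text names 301; treating the other redirect codes the same way is an assumption.
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample replies (not captured from any real server).
SAMPLE_OPEN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>page</html>"
SAMPLE_CLOSED = (b"HTTP/1.1 301 Moved Permanently\r\n"
                 b"Location: https://www.example.org/\r\n\r\n")


def build_request(host):
    """The three lines typed by hand: request line, Host line, empty line."""
    return f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_head(raw):
    """Return (status_code, headers) from the block before the first empty line."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # keep the first occurrence of each header, names lower-cased
            headers.setdefault(name.strip().lower(), value.strip())
    return int(parts[1]), headers


def _bare(name):
    """Lower-case a host name and drop a leading 'www.' (assumption: same server)."""
    name = (name or "").lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def classify(raw, host):
    """'open', 'closed', or a label saying why the reply proves neither."""
    status, headers = parse_head(raw)
    if status == 200:
        return "open"
    if status in REDIRECT_CODES:
        location = headers.get("location")
        if not location:
            return "inconclusive"
        target = urlsplit(location)
        if target.scheme.lower() != "https":
            return "redirect-stays-http"      # relative or http:// target
        if _bare(target.hostname) == _bare(host):
            return "closed"                   # https:// URL to the same server
        return "redirect-https-other-host"
    return "inconclusive"


def probe(host, timeout=10.0):
    """Run the test against a live server on port 80 (needs network access)."""
    data = b""
    with socket.create_connection((host, 80), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        # Only the first block matters, so stop reading once it is complete.
        while b"\r\n\r\n" not in data and b"\n\n" not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify(data, host)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        print("sample open reply:", classify(SAMPLE_OPEN, "example.org"))
        print("sample closed reply:", classify(SAMPLE_CLOSED, "example.org"))
```

Because it talks to port 80 directly, no browser HSTS entry can interfere, which is the reason the text gives for preferring this test over 8.1.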

8.3: Mailtest

The telnet method can also be adapted, to see if a mail server has enforced-TLS. This is though even a bit more complicated. As largest hurdle one needs first to find out the server name, which is not identical with the mail domain name behind the @! Doing this requires resolving the MX record, which is too complicated to explain here, because it is very variable, depending on the system used. Here one will certainly have to ask for help, from a computer expert that one trusts. The easiest way to achieve this is by analysing the mail header of a mail which has arrived, the block of lines at the top, which all start with Word-Word-Word:, where the name is recorded in one of the Received: lines (these are the "post marks" from all the servers through which the mail went). Even for this a layman will surely need help, especially if their mailer only partially displays these lines.

Once one has the server name, one can test similar to for a web site. Just with port 25 (SMTP mail traffic) instead of 80 and with manually typing the SMTP protocol instead of the HTTP protocol (the dialog that mailers use to send specific mails to mail servers). For this it is best to send oneself a test mail, instead of downloading a home page.

In Telnet enter the line "HELO <Mailserver>" (again all between the "", but without these, after the HELO a space and as <Mailserver> the host name of one's own computer, or if it has none simply the one of the mail server). Then "MAIL FROM: <Mailaddress>" (without "" and as <Mailaddress> the own one, as one is sending it). The < and > of the mail address are by the standards not needed, they are only to separate possibly added names from the address, which the sending mailer should actually do. Most mail servers to be safe also split these off. But some misconfigured ones even fail without them! Then "RCPT TO: <Mailaddress>" (this one the target address, when testing one's own server also the own address).

After connecting and after every input, the server should answer with one or a few lines. The last one after connecting should be "220 MailserverName and so on" and after that always "250 something or other OK". More generally all numbers in the 200 range at the beginning are acceptable. If one gets to an OK after the RCPT TO: the server is provenly open, one can then send "Quit" to abort, without actually sending a mail. But if one sees a "550 A TLS connection is required" or comparable, then the server is provenly closed. Because that is the demand from enforced-TLS blocking.

(If one sees a number in the 500 range, often 554, with a message something like "Service not available" or "No SMTP service" or "Not authorized" or comparable, despite this being a provenly functioning mail server, this is a good indication, that one has one of the remaining mail servers with DUL in the "reject without testing content" form. Same applies with a URL in the error message, which is a sure sign, because this is often done by DUL to "justify" the deliberate failure, but very seldom with real technical errors such as unknown user or disk full.)
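The reading of the server's answers described in 8.3, as an added example in Python that is not part of the original text: it takes a saved Telnet session on port 25, groups the numbered answer lines and reports at which step the server stopped saying OK. All transcripts, host names and addresses are constructed, and the keyword patterns are assumptions modelled on the messages quoted above.

```python
import re

# 'NNN-text' continues an answer, 'NNN text' (or a bare 'NNN') ends it.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Assumed wording for "a TLS connection is required or comparable".
TLS_HINT = re.compile(r"\b(?:START)?TLS\b", re.I)
# Messages the text lists as DUL indications, plus a URL in the error message.
DUL_HINT = re.compile(
    r"https?://|service not available|no smtp service|not authorized", re.I)

# The answers expected in order: after connecting, then after each typed line.
STAGES = ("connect", "HELO", "MAIL FROM", "RCPT TO")

# Constructed sample sessions (typed lines and Telnet chatter included).
SAMPLE_OPEN = """Trying 192.0.2.25...
Connected to mail.example.org.
220-mail.example.org ESMTP
220 ready
HELO client.example.net
250 mail.example.org
MAIL FROM: <user@example.net>
250 2.1.0 Ok
RCPT TO: <user@example.org>
250 2.1.5 Ok
"""
SAMPLE_CLOSED = """220 mail.example.org ESMTP
HELO client.example.net
250 mail.example.org
MAIL FROM: <user@example.net>
550 A TLS connection is required
"""
SAMPLE_DUL = "554 Service not available, see http://blocklist.example/why\n"


def parse_replies(transcript):
    """Return [(code, text), ...]; lines without a reply code are skipped."""
    replies, text = [], []
    for line in transcript.splitlines():
        match = REPLY_LINE.match(line.strip())
        if not match:
            continue  # typed commands and local Telnet output
        code, sep, rest = match.groups()
        text.append(rest or "")
        if sep != "-":
            replies.append((int(code), " ".join(text).strip()))
            text = []
    return replies


def classify_smtp(transcript):
    """Return (verdict, stage) for a port-25 session typed as described in 8.3."""
    replies = parse_replies(transcript)
    for stage, (code, text) in zip(STAGES, replies):
        if 200 <= code < 300:
            continue  # any number in the 200 range is acceptable
        if code >= 500 and TLS_HINT.search(text):
            return ("closed", stage)
        if code >= 500 and DUL_HINT.search(text):
            return ("possible-dul", stage)
        # 4xx is a temporary failure in SMTP, so it proves nothing either way.
        return ("rejected" if code >= 500 else "inconclusive", stage)
    if len(replies) >= len(STAGES):
        return ("open", STAGES[-1])
    return ("incomplete", STAGES[len(replies)])


if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("closed", SAMPLE_CLOSED),
                         ("dul", SAMPLE_DUL)):
        print(name, classify_smtp(sample))
```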

9: How can one take part in this process?

This problem is a large matter, so correcting it demands many helpers. Alone one can not achieve very much, solving the problem requires activating a large number of web users. After the problem is known and how to proceed against it and also which targets to aim for, some people will want to join the campaign. To do this there exist multiple possibilities.

Anyone who has an own web site, can obviously free it from enforced-HTTPS, should it be one of the many affected by this. Doing this one already is not contributing any more damage to the victims, is only neutral, or even better helping.

Independent of above being the case, one can place links on one's site and so spread knowledge of the problem. Doing this one can inform others, who can open-up their sites and also spread the information further. Even if one can do nothing other than spreading information, this helps reach out to others, who may then effect more. Thus spreading information is of utmost importance, because the wider the problem becomes known the better. Only so we can counteract the viral meme of fearmongering with a fitting viral meme of informing. The biggest strategic mistake is to give up, because that guarantees having no chance and thus losing, while attempting always has a chance no matter how small it may be.

This also applies if one's own web presence is only a social media site on a Web 2.0 platform. A site which will very likely be affected by enforced-HTTPS. (Bonus points, if one reaches that site's operators and corrects them.)

Those who like icons/buttons for links to action websites, can download one here:

SAVE HTTP Button

(For those who do not like PNG bitmap icons/buttons and want to draw their own ones: The official definition is: 2 lines of text "SAVE" and "HTTP", all in capital letters, colour green on black, font any monospace (that is with all characters same width), double as high as wide (here 8x16 pixels, the 4x2 characters so give 32x32). For the actual icon add left and right 1 blank, plus top and bottom a half one (gives then 48x48). For the button add same amount of gray 2/3 bright (#A0A0A0) (gives 64x64), with outside 1/4 of it (here 2 pixels) of bevelled edge (left and top white, right and bottom 1/3 gray (#505050)).)

Additionally one can write their own texts. These with their own arguments. Or even just opinions or assessments of other texts they have read. All of which adds more relevance, by showing that this is of interest for more than just one person.

Such texts can also consciously point out or extend partial aspects of the problem, which are of importance to the writer. Alternatively simply shorten an article, to what the writer considers important. Or add new aspects that are unknown to me. Or use other media than text, applying all forms of protest, which are used to combat right extremists or left extremists or religious extremists, because here against comparable crypto extremists.

This basic text is consciously written to be all encompassing, to produce a "Buffet" of all. It is therefore ideal for others to link to, for all which they may leave out, this basis then delivering further reading material to consolidate. That also applies with the others acting as alternate introductions, or even recommendations of specific points with alternate reading order.

Even those who have no web site, can spread knowledge of the problem. For this use e-mails, or whatever one uses to communicate. In these this text can be linked. Again spreading information is the most important aspect.

Even outside of the net one can still help, in the form of a printable flyer, directly given to others or for display at events. A Flyer is available here, in HTML or PostScript or PDF formats. Or one may even make one's own flyers. (The first publishing of this text was with above flyer displayed at a retro computing event late in 2019.)

10: Who can achieve something in this process?

Just complaining seldom works. Especially after these web admins have shown themselves to be so stubborn. To work this campaign needs to reach people, who have influence over the web admins and with this can change something. Luckily quite a few such people exist! Apart from the surfers, who get thrown out of the web, enforced-HTTPS also hits the content providers. These also get affected, sabotaged by the web admins in between. They lose quite a few readers and potential customers! (This applies also with DUL, sabotaged by the mail admins, thus losing senders and potential customers.)

All these co-affected also have an interest to proceed against this problem, if they knew it. Some also have a position where they can exert pressure against the admins. In contrast to the surfers, who are usually defenceless against their loss. Employers are thus the main targets for spreading above knowledge of and correction for the problem.

10.1: State and Offices

The state has regulations against discrimination. But these are getting undermined by such web admins. This even becomes a case of an office failing its purpose, if the targeted audience can not get access any more. This in particular where offices such as social services can not be reached any more by the poorer citizens they are aimed at. The result is, that the Digital Divide turns even more into getting thrown out of society. All government offices can by order from above ensure, that their sites shall be open.

10.2: Business and Firms

The economy wants to make turnover and profits. Firms afford large expenditures, to just get hold of a few percent more customers. Contrast this with their web admins, who simply accept multiple percent of loss of readers and potential customers. That is in effect sabotage of the firm's interests, just to further their own political aims. All this without having obtained permission for it. Firms can by order from above ensure, that their sites are open, or should it become necessary by handing out a notice if admins refuse.

10.3: Organisations and Universities

Organisations can unwantedly end up with a contradiction to their aims. Especially with social or environment focused ones. On the one hand they often have activists on their staff, and thus also likely among their web admins. They are thus even stronger affected, as with above mentioned Wikipedia as great forerunner. On the other hand they also have activists among the rest of their staff. So these are more likely prepared to act against such admin sabotage. In particular where their admins who throw out users can impact their reputation, which for many organisations which make demands of justice is important for their credibility. Even more so after all this gets more known, and allowing such admins to continue can be seen as acceptance. Ecological Organisations have additionally a specific interest in not unnecessarily increasing electronics waste, which also impacts their reputation. Organisations can by order from above ensure, that their sites are open, or by handing out a notice.

10.4: Press

There is a lot of news today. A lot of it though is always the same, just endlessly repeated, only with slight variations of it. Here comes a totally new topic that is completely unknown, and the first great scandal of the Internet. The press as a profession exists in particular to criticise fallible people. Here with the fanatical enforced-HTTPS admins appears a new type of fallible.

Their damage hits various widely scattered victims. This problem thus addresses all, no matter if right wing press, which traditionally criticises abuse of power by left wing bureaucrats, or if left wing press, which traditionally criticises greed by right wing bureaucrats. Here there are web admins, who being bureaucrats are misusing a technical power position, instead of a juridical or financial one. Apart from this they are exactly like both above groups. These admins are even doing this from themselves, without any order from politics or management above. It is thus irrelevant whether in state or economy, because they do it as a self-willed and high-handed action. So this topic is of interest for both right and left wing press.

(The web admins themselves also scatter from right to left, which does not get them a bonus from either side. If anything characterizes them, then it is loud anti-authority rhetoric, but combined with contradicting heavily authoritarian behaviour, which also can not gain them a bonus from either side.)

Add to this, that a journalist unlikely wants to ignore something new. This is the sort of big story of which every journalist dreams, that they can once uncover one. But denouncing this, whilst possibly their own web site is doing it, would be a self contradiction, which directly touches their credibility. They will thus have an interest, to check whether their publications are affected by this problem. If yes, they will want to correct this, and doing so will very likely collide with such admins. By this they will make their own personal experiences regarding their reactions, some fanatical, some simply thoughtless. This false behaviour striking visibly so near to themselves, will bring them to react against it.

Also the editors and publisher behind them will not like the loss of turnover and profit, any more than the rest of the economy. Add to this, that this not only hits their marketing but their product itself. And they are under pressure, to bring something new like this as first, not only as johnny come lately, which requires fast elimination of blocking admins. The press can thus not only open up their sites, but also spread knowledge of the problem with conviction.

10.5: Bloggers

Bloggers want to reach people. They lose the aimed for gain, when readers get thrown out by enforced-HTTPS. All from above applies to social or environment themed blogs. But it also applies to liberal or libertarian themed ones, because of rejection of dictatorship. Same to all conservative themed ones, against unnecessary change being forced upon them. All sides will be riled up by this false behaviour of admins, where it strikes at them.

The contradiction will also apply, rejecting such behaviour, but their site is doing it. The owners of blogging platforms will also not like it, as their income from page views gets reduced just as much, by throwing out readers. Here again, they can both open up their sites and also spread knowledge. Blogging sites are more likely open than many others, although in the meantime also nearly all of them are affected. (The same applies also for wikis, for page editors and platform operators, also nearly all affected.) (Same applies for web comics, for creators and readers, also nearly all affected.)

10.6: Other Web Admins

Apart from the admins' employers their co-workers also are affected. Over 90% of the addressed web admins have fallen into paranoid insanity, but an unknown number of other admins may have not. All will however, because of this bad behaviour, receive damage to their professional image. They all risk getting a bad reputation, as officials had 100 to 300 years ago, and partially have kept up to the present day. The decent admins can clearly distance themselves from the problem, by showing that they and their sites are open. That will though, due to their smaller number, only have a limited effect. It will be better, should they engage themselves to turn around the insane in their profession. The faster the problem is solved, the less the reputation of all will suffer, including theirs.

But this will most likely work the least well, seeing the demonstrated lack of mercy towards other people on part of the fanatics. Especially as some of them have already proven willingness, to sacrifice their own reputation, or even to lose their friends, for something so "important". This could though, after the problem becoming widely known, still become too much for some of the fallible admins. Up to now they could wipe it under the table as a minority problem, but less so when a larger part of the public turns against them.

At least this effect can reach all those web admins who only acted thoughtlessly, following a "This is how one does it today" teaching, but now noticing its error turn around. Some who believed in it and convinced took part, may perhaps change sides, after seeing and understanding the damage they have caused. The same applies for some professional authorities, who uncritically spread the fanatics' teachings and have recommended these as "best practice". The same applies to web software designers, who recommended such configurations to the admins, or even without asking underhanded such to them. Same to security departments, which have prescribed such.

10.7: Other Crypto Users

Apart from employers and co-workers also other crypto users are affected. Over 90% of the addressed web admins have fallen into paranoid insanity, but an unknown number of other crypto users have not. Some of them will fear, that the reputation of cryptography will generally get damaged. They know very well, that they have already by spreading crypto threatened the state's surveillance. Some of them have now even sabotaged it, by hiding the majority of web traffic using underhanded HTTPS. Some already now fear, that the state is annoyed and wants to reverse this development. First attempts are already being seen in 2019, to disparage crypto as a hiding place of criminals and present this as something which can not be allowed, to justify measures against it. (Addendum 2023: The Corona news flood of 2020 seems to also have washed this away.)

Some will then fear, that the state could use this opportunity for a counterstrike, when enough of the public mainly associates crypto with "protection" against supposed "dangers" and not with protection against real crimes. Or even worse, instead of merely regarding it as uninteresting, come to see it as fanatic or at least dictatorial. After which adversaries of crypto in the state could organise themselves, to exploit the situation, in this not only demanding also-open, but enforcing only-open.

No matter if this would be full prohibitions of crypto. Which is though actually not to be expected, because encryption does have legitimate uses, such as securing critical passwords and credit card numbers. Or if this would be only a prescribed systematic MitM measure to undermine crypto. Which is also quite unlikely, because comparing signatures to verify servers also has legitimate uses, such as uncovering MitM attacks, which try to underrun crypto.

A more likely measure would be, to force server operators to open up "back doors" for the state, allow it access to the transferred data. Which does not prevent protection of credit card numbers and passwords (these can be selectively replaced with XXXX, as on receipts), but still gives the state what it wants to have. The crypto fanatics would though thus lose what they want to have.

This could be done, with crypto because of sabotage declared as mostly illegal, with offering it only legally allowed if servers are operated with back doors. (Which assumedly will only apply to crypto for encryption, which the state wants to get rid of, not to crypto only for comparing signatures or authentication, which does not disturb it, if anything helps.) This followed by forcing compliance with this by blocking net access. Thus all profit oriented Web 2.0 mass providers will comply immediately. Less critical sites will perhaps even simply eliminate HTTPS entirely, to avoid the work for and risk from back doors. (Do not forget to first clear any HSTS before redirecting to HTTP, else users will be locked out.)

Only small activist providers will resist such law, which though produces far less smoke screen. These providers become thus recognizable and prosecutable, short time active but as soon as well known gone again. Normal people will not use such unreliable sites, which will reduce the smoke screen even more. The most likely to survive are then inconspicuous sites for small closed groups. Normal people will not find nor use such hidden sites, only activist cells or criminal gangs bother themselves with such. That will exactly focus the state on both of them, and distance normal people further from them.

The above disparaging is assumedly already aimed at laying a base, to legitimate such a law. The state could now exploit this opportunity, to make such a non-concealable measure acceptable to a majority of the population, as soon as enough normal people regard the supporters of crypto not just neutrally as peculiar, but reject them as saboteurs or even fanatics.

Add to this also part of the populace, which will be pissed off. Feeling exploited, because of the unasked for underhanded redirect to abuse their data traffic for building up the smoke screen. This against all known public opinion. For politicians this makes enacting of laws against it easy.

All of this happening is far more likely, than the micro danger from spying should one use HTTP. And the latter already suffices, to drive many crypto fanatics into insanity. After which crypto users may start to fear the loss of what they believed to have for sure. This exactly because of the involved people's massively overblown fear-based way of thinking! This will especially hit the fanatic web admins fully, as for them crypto is so important because of fear, that they want to force it onto all.

From this threat of losing it can come new fear, and get some to turn around and open up their sites. Followed by striving, to get others to do the same, to reach the target of getting enforced-HTTPS web sites to below 10% fast, to reduce the problem getting known, and so fend off the threatening loss. A reversal which will scatter doubts, will divide the movement, break the up until now solid internal group dynamic of confirming one another's fears. The more recognize this danger and turn round, the more of them will scatter. This will result in a reverse feedback loop, which hits increasingly, as an exact reverse of the internal group dynamic, which spread the insanity. Fear meme directly against fear meme. This can thus become very effective. (Addendum 2023: Crypto users have entirely failed to take this text seriously and spread it among themselves, have thus lost this chance, despite Corona giving them more time.)

10.8: Preventing Regulation

What could also happen, is that the lawmakers are pissed off from this behaviour. No matter if it disturbs democratic politicians, that a group of self-appointed dictators are acting without any legitimation. Or if it disturbs non-democratic rulers, that someone is taking power without their permission. Both could result in wanting to enact laws against it.

Add to this here also a populace, which will be partially pissed off. Be that feeling cheated, because of the expropriation from behind. Or because of the misuse as smoke screen against measures they wanted. Or just having enough of security measures, which too often unnecessarily harm more than the "dangers" that they are supposed to prevent/reduce. Or maybe simply take this as occasion, to express their uneasiness, regarding being ever more dependent upon invisible people, over whom they have little or even no influence, and whose behaviour too often does not coincide with the interests of users. For politicians this makes enacting of laws against it attractive, in the fight for votes.

As part of this enforced-HTTPS could be recognized as discrimination against the life-styles of various types of HTTP users. Followed by placing under official prohibition above criteria where enforced-HTTPS is unacceptable. Or even extend demands of net neutrality to servers, transfer data without imposing themselves. With thus prohibition against any enforced requirements which go above minimal technological functional necessity or system integrity. This is normally the case with all other infrastructure and can also be here. Facultative securing may be offered, but only if the user demands it by an explicit action (such as clicking on a "Secure" link), and only if they can also unsubscribe it (with "Unsecure" link).

(Same could also happen to enforced-TLS, placing under prohibition where it is unacceptable. Or even because of preventing sending direct expand prohibition to using the "reject without testing content" form of DUL. Or even, because of preventing mail losses, further to using any IP addresses or host names or other meta data based techniques, including SPF. Or even also demand net neutrality of servers, with thus prohibition against any enforced spam filtering imposing itself. Facultative filtering may be offered, but only if the user explicitly orders it, after receiving honest description of loss risks of offered variants, and if they can also unsubscribe it.)

Those who complain, should this happen, that once again freedom has been reduced by regulations, and then claim that personal responsibility is better, do have a point. But they should also consider, that such large words should be followed by fitting deeds, to accept this responsibility, else only irresponsibility results. In particular they should not just use such as an excuse to hide egoism behind! These can now only go and complain to all those, who have once again delivered a great demonstration, of how much personal responsibility has failed, at least by them. By which they have worked into the hands of all those, who want to regulate something as socially important as the Internet. This first large scandal of the Internet could easily become its Titanic case.

Those who don't want this, can perhaps still try to prevent it. This would require a counterdemonstration of "just in time" recognizing the problem and opening up again. This could help, to convert some web admins (and possibly also mail admins), who do not want to work under such regulations. Further also get those to exert themselves, to turn others around.

11: What is to be expected as reactions?

Those targeted will of course not watch the proceedings against them without reacting. Especially attempts to deny all accusations are to be expected, when their ego blocks itself against being broken open. Even more because they, blinded by it, do not recognize their attack as such, and will thus be dumbfounded by any form of criticism. That is just the normal behaviour of people who are affected by loss of reality, or just thoughtlessly follow such, that they due to lack of observation miss all signs of danger.

11.1: Excuses

Anyone who meets such admins and criticises them, can expect a mass of excuses. The following are various examples of such which have already been seen, together with fitting answers to them.

First excuse will surely be, that they have done everything correctly, so as it "should be". This is a standard method of such people, to regard what they believe in to be the only correct way, thus redefining everything that contradicts it as false. Here also applies the universal behaviour of "good ones", who are only so according to following external rules, instead of from true inner goodness. Thus they fall quickly into badness, as soon as their rules allow it or even demand it. But continue to regard themselves as good, because they are following their rules. All criticism is thus rejected as "not justified", according to their rules. This also a standard method of failed bureaucrats. Here one can answer, they should have noticed, that others regard other stuff as right.

Then surely comes, that they just wanted to make the net more secure for all, to protect people. This is also a standard method, to distract from bad effects with good intentions, no matter what the actual consequences for others are. This goes up to the old known "the end justifies the means" as their most extreme excuse. Especially politically motivated behaviour is very susceptible to this. It happens so often, that "the path to hell is paved with good intentions" in the form of "he had good intentions" has become a standard criticism in form of false praise. Here one can answer, throwing someone out is far more damaging than the threatening micro danger, "protection" which harms more than it protects is no such.

Then just as surely comes, that they did not know, that they were causing damage. Here one can answer, that not knowing was initially acceptable. Nobody can know everything, that is biologically given. It follows though from this, that no one can know if they cause damage! One should correspondingly advance with caution, as part of this consider whether something could cause damage, as often happens with security measures. One should thus especially pay attention to complaints, that something causes damage. To react to such with rejection is simply unacceptable. At the latest after being warned guilt ensues, and they become perpetrators and the affected victims. Such rejecting, instead of accepting, exposes the "protection" as a lame excuse.

Further excuse surely comes, that this is today's state of the art, one does it so, or even this is expected so. This also a standard method, to distract from detailed effects using generalities. Up to the old known "done exactly as commanded", which is though totally unscrupulous. Here one can answer, that technology should serve the users, as they want or even need it, and not harm them. This may be followed by them claiming, that this is recommended procedure. Then one can answer, they should not any more respect professional authorities, who have inattentively taken up a teaching and uncritically spread this, which harms users so badly. (These authorities will either recognize their errors and want to distance themselves from these, so effect a reversal, or become unbelievable, so at least not spread this any more.)

Another excuse to be expected is, that HTTPS is necessary, to prevent accidents which would happen if it also works without. This is also a standard method, to distract from one damage, with wanting to prevent another damage, and presenting the latter as more important despite it being the lesser. Here one can answer, such accidents are also preventable with less dramatic methods. Simply without HTTPS have no function-critical edit links nor credit card links suffices for this, plus offer HSTS for direct to HTTPS where it is wanted. Perhaps thereafter comes a further excuse, that this would require work, to rebuild and extend the web site software. Here one can answer, this is only a small amount of work, and laziness is not an acceptable reason for excluding some people entirely from the web.

Also surely comes, that this is "essential" security, thus "it has to be so", despite being irrelevant for way over 90% of all people for over 90% of their web traffic. This statement comes directly from their fears, which is why they consider it as absolutely important. After all crypto has exactly because of this become a holy cow for them. Here one can answer, that it is the user's decision, how much and which type of security they want to have and what price they are willing to pay for it. If they consider it as unimportant or too expensive, they should be allowed to live without it. That is essential freedom. Denying them this, instead of accepting their will, exposes such "protection" as fanaticism.

Surely they will often repeat, that we should "go and upgrade", followed by statements, that there is then no problem, only those who "offend" against this have such. Given that this was already repeatedly brought up during Plan A. This is also a standard method, to preach their moral teaching, as a case of the old known "it only hits sinners so it is not a problem". Here one can answer, no one may demand from others, that they must live according to someone else's moral views. Everyone should respect, that others also have freedoms and they are allowed to live accordingly.

Also surely they will often repeat, that we are supposedly adversaries of crypto. Again this was often used during Plan A. This is also a standard method, to distract from criticism by shooting down a straw man. Here one can answer, that we do not reject cryptography or HTTPS as such, as these have justified uses. We only reject enforced-HTTPS, because that prevents living our lives. We neither want all-crypto nor nothing-crypto, we want to be able to choose what to use. They may have crypto, and we may be without. We are not adversaries of crypto, but avoiders of crypto. They are not only supporters of crypto, but also fanatics of crypto.

They sometimes go to an even lower level and simply defame us as stupid and/or ignorant. This was also often used during Plan A. This is also a standard method, to distract from criticism by not taking critics seriously, up to even mocking them. Here one can answer, that such attacks on a person clearly show up, how much they are lacking in effective arguments. (After the first publishing of this text a common reaction was, according to the description by a colleague, to treat this all as a "joke intermezzo of a backwards Swiss entirely without a clue". Perhaps these mockers should remember, that the Swiss have a long tradition of fighting for freedom, which includes toppling overinflated regents from their high horses.)

Even more surely will come decrying this as an "attack", at the latest when they start being hit by job losses. This is also a standard method, to blame the victims after these defend themselves. This is the thinking of every ruler, who regards the rebellion as guilty, also every system that degenerated to dictatorship, which regards the resistance as guilty. This especially because they do not recognize their own actions as an attack, and thus see the victims' counterstrike as the first. Here one can answer, that they should not have launched a general attack on 15 to 50 millions of people. Or at least should have, after attacking without noticing it, noted the criticism and aborted their attack, instead of failing Plan A. Thus only Plan B became necessary, to effect a stop of their attack by external pressure. Add to this, that their actions have left the victims only few possibilities, and that their collateral damage to their employers only enabled this Plan B. Which is the reason, why we, the resistance, are now striking back with it. This is not an attack, but a defence by counterstrike, in the form of showing up the collateral damage they have caused. Blaming the victims is thus just a case of punishing the bringer of a message. This doubly so when they, after their behaviour has been exposed, are requested by their employers, to stop doing damage. But then either reject this and for that get fired, or they as rejection of this request hand in their notice.

11.2: Risks

Possibly there will be accusations from uninvolved crypto users, should they fear damage of reputation for crypto from this action, or even such damaged reputation gets exploited for actions against them. After which they complain, that they are also getting hit by collateral damage, or at least subjected to the risk of this. Here one can answer, this is unfortunate, that they may also be affected. But the reputation of a movement suffers from the damage that its most visible extremists create. Many movements have failed from this. They should have noticed and rejected the fanatics in their movement. But they did not do anything, just let these spread their views and behaviour without being criticised.

Even during the Plan A phase, none of them helped to criticise the fanatics, which perhaps would have allowed doubts to arise in some of the involved admins, perhaps still would have saved Plan A. That however did not happen, perhaps because some were too much astonished by the behaviour of the fanatics. Which is why now Plan B has been initiated. Despite some risk, that they may get collateral damage as a result of it.

That because this approach is unavoidable, as the web admins by their enforced measures do not give us any other choice. For us as completely uninvolved users else total loss of the web is certain. Whereas for them as involved only loss of crypto threatens and this only maybe. Lesser damage and less risk and that for more involved people is acceptable, because lesser evil.

The best that remains now with Plan B, is to succeed in rendering such admins harmless, as fast as possible, so that the target of getting enforced-HTTPS web sites to below 10%, according to the Telnet Test, is achieved fast. For this they can "thank" the fanatics, who killed Plan A. But also "thank" all others, who did not stop them, and thus did not help Plan A succeed. Which could drive both groups, to tidy up faster. But also earn them at least some sympathy and pity, should they become victims of collateral damage.

With tidying up the need to spread this criticism further disappears. Fewer people find out about it. Damage to reputation of crypto and the risk from that are minimized. Their best chance for this consists of, that spreading of the word among themselves should be faster, than spreading the information to the general public, including the professional press being faster than the general press. But this will only work, if they do not refuse themselves, for whatever reasons. Else applies the old insight, that those who come too late get punished by world history.

Should crypto become lost due to this campaign, one can advise them, to question their overblown fears. For this they can contrast themselves with normal people, without the twisting influence of the group dynamics of their fear subculture. While doing this they can recognize, that there exist two types of security, running away and hiding oneself or if necessary fighting with uncovering and collecting an alliance.

The digital society moves anyway unavoidably and exponentially towards arbitrary data availability. This is already known for decades and by some gets called Technological Singularity or Technopathy. In such a society secrets as a strategy have no long-term survival chance, are an obsolete approach. Already mid 1990s the expression "privacy was yesterday" appeared among attentive insiders. The reason, why such regard those who still today deny this as living in the past.

It is thus better, to prepare oneself for the coming future, regard its digital openness not as a threat, but as a chance. After all it is those, who have more to hide, that have more to lose from this, in a world where the majority of people are decent. These today tolerate a lot, but not intolerance against others. By which all acceptable people can get help from many, especially against aggressors, including all attackers which they fear. At least as soon as the attacked create a PR disaster for the attackers, exactly as it is being done with this text. The old saying of "honest lasts the longest" will in the digital world unavoidably become increasingly important.

(The best real answer to possibly misused surveillance is correspondingly the surveyed state, including freedom of press to show up misuses discovered by this. That was already recognized centuries ago by the founders of democracy, despite them only having paper and quill and post coaches, plus in best case a print shop and newspapers! An insight which also led to prohibition against censorship, because that prevents such communication. People who despite knowing the digital world, still do not understand this, have got a lot to catch up.)

Who now claims, that the mass in the middle is not decent, should urgently revise their picture of this mass. The widely spread expression of "look at how stupid the average is, and half are below that" may be mathematically correct. But the rating of the average as stupid, is far below the real level which they have. This becomes misestimated, because most people's views are strongly influenced by news media, which for spectacle mainly show the 5% worst, plus a bit of the best 5% should they stand out enough. The 90% between are largely ignored or at least marginalized.

In reality the populace in the middle is far better than its reputation and in particular way better than any "better" dictatorial groups. Worst case the middle does not know, or has even been deliberately misinformed. Generally one can assume, that most of the populace respects the freedom to live as one wants (at least as long as one respects their and others' freedom to live as they want), and rejects any "freedom" to harm others (no matter whether damage by deliberately prohibiting something or just by knowingly as side effect preventing it).

Only someone who really has something to hide will not get any help, rightly so. Those whose behaviour repulses the mass in the middle so badly, should anyway be asking themselves, what they are doing wrong? Why do they want to live a behaviour, to which they can not openly stand before most others? Those who still think, that their behaviour is right, only gets rejected unjustly, should ask themselves, why they are not committing themselves to stopping this rejection by informing others? Something which many groups, who have been persecuted for centuries or even millennia, have done in the last decades, with success, by making the populace in the middle knowing, instead of leaving them misinformed. (But here probably the "for us or against us" mentality of paranoid insanity stands in the path of recognizing neutrals, and also prevents noticing this approach.)

11.3: Earned

The above remarks only apply to crypto users, who are not involved in the enforced-HTTPS affair, or possibly still to former ones who have turned around. It does not apply to the fanatics, who really deserve any form of damage that comes to them. After all they have inflicted heavy losses upon us, up to guaranteed throwing out of the web, and thus being pushed to the side of society. They were also not to be dissuaded from this. They thus left us only the choice of the lesser damage.

Which is why we are now purposefully striking back at them. This with a tactic of "Here we will else die anyway, so break through the middle of the enemy, because we will so more likely survive". For this we aim that the web becomes open again for all. In best case with admins recognizing the problems caused and thus reforming themselves. Or simply them accepting what we want, because of threatened job loss. Or worst case eliminating non-correctable fanatics from their jobs, if not even threat works. In this we are not begrudging them any fitting loss. That all is Plan B.

Should though possibly also regulations ensue, we will not begrudge them that loss. The same applies also to enforced back doors, or up to MitM measures, or even up to full prohibitions of crypto. We recognize, that next to us avoiders of crypto there also exist real adversaries of crypto, which possibly will now profit.

But this is the fault of those, who destroyed Plan A and thus left us only Plan B. They have thus ultimately indirectly worked into the hands of their enemies. More precisely they have turned us neutrals into further adversaries, by attempting to exterminate us. Most likely they also only made the state into an actual adversary, by sabotaging its surveillance, whereas before it was only a potential one.

Should the state now want to prosecute them, and for this exploit the damage to their reputation by our action, they have brought the state up against themselves, and driven us to giving it this opportunity. Common enemy thus creates allies. They from this fully deserve any damage that may result. For irony such a consequence would nearly be impossible to outdo. (Even more so when one considers, that they started with fearing the state becoming a dictatorship, as reaction to this became dictators themselves, and now fail because of victims who want to dispose of their dictatorship, and the state which exploits this.)

Contrast this with it, that persecuted should as strategy conceal themselves, and surely not as contradicting tactic produce avoidable public annoyance. This applies just as much, if they only imagine the persecution. They should certainly not have created so great a damage, that the victims of this want to explicitly proceed against them. Regardless of if collateral damaged web users want to show up their actions, or if targeted state wants to eliminate their sabotage. For which they could now become persecuted for real.

This even more so, when they attack the entire world, with this hitting 15 to 50 millions of victims. Which practically guarantees, that at least someone is among so many affected, who is both affected (all retro computer users who are unavoidably getting thrown out), who also understands what is happening (because many retro computer users understand technical stuff well), and who knows how to make a PR disaster out of this (from as older generation already having decades of observing and analysing such), and who has a tradition of committing themselves (from the retro computer scene being self-organized), and who can afford time for this (after losing many surf opportunities), and who has the drive for this (from double annoyance of loss of web and wasted time because of fighting against annoying fanatics instead of working on interesting projects).

Those who want to complain about the damage which ensues, should remind themselves, how they acted towards the victims' complaints about the damage being done to them. Those who then did not grant consideration, can now expect none. Who wants to have freedom to use crypto, but disregards others' freedom to avoid crypto, may lose his freedom just as much, deservedly. Only who respects others' freedom, can gain and keep his own. But they ignored this principle of consequences. Just as they ignored using the entire principle of being cautious. As also the principle of accepting criticism from others.

Especially fear prevents using intelligence due to panic reaction, and thus causes selective stupidity. Thus all this was not noticed and prevented, all because of overblown fear of supposed danger. Thus came into being another case of, who will not listen to criticism, has to feel loss. They will reap what they sowed. That applies even if it becomes an expensive lesson, up to massive loss. Even if an "overstretched the bow" situation occurs: They wanted too much, what they already had breaks, is unrepairable, they lose all.

Mercy they have none to expect, that the victims deserve, not the perpetrators. At the best they may still hope for forgiveness. But receiving that requires first recognizing their mistake, then stop making excuses and accept their guilt, with showing remorse and for bettering aborting their attack. After which end of their barbarism is and civilisation again becomes possible.

How many wise old sayings fit here so well, shows how much long known this all would actually be. But if one can often learn something from history, it is that many people learn nothing at all from it. They repeat mistakes already done many times, to obtain their own personal lesson. In particular insufficiently intelligent egoists fail not only at comprehending of respect for other people, but also at learning from others' mistakes. Even more know-alls believe, they do not have to learn anymore, especially not from any lesser knowing, ignore so what others have learned. Even from previous already fallen know-alls nothing is learned, because those were provenly not knowing, and are thus "not relevant". After which they repeat same errors and also fall.

Life exists for learning. Some do this easily. Others fail at this, and only thus get into situations, where they have to make it up far more difficult. What they did not learn by education and observation, now has to be rectified by own experience. A far more expensive way. All that remains is to hope, that this lesson becomes expensive enough, to make it clear to many of them, how much nonsense they have perpetrated. Followed by recognizing and bettering themselves, after which they in future will respect others' freedom, to decide according to their own criteria. And that with lasting effect, because of the damage and pain caused by this lesson.



This page is by Neil Franklin, last modification 2023.11.10