cross-posted from: https://lemmy.ml/post/14100831

"No, seriously. All those things Google couldn’t find anymore? Top of the search pile. Queries that generated pages of spam in Google results? Fucking pristine on Kagi – the right answers, over and ov

  • foggy@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    Free certificates expose your subdomains. It’s not more secure if you don’t transact data in a meaningful way such as the example I provided.

    I don’t mean to insinuate that the example I provided is the majority of cases, and in the majority of cases, I do support sites with SSLs being indexed higher than websites without them, but I think the interstitial this website is not secure with the requirement of the advanced click followed by The continue anywaysclick…

    Idk

    Especially in 2018. Like, when we look at it from today’s perspective, it’s very easy to agree. And I do agree. But in 2018, it was not this way. Anyone who was a web developer with a bunch of clients, such as myself, was all the sudden in a very interesting hot seat. Not only did I need to try to upsell my clients, but I needed to convince them that not doing so was quite literally at their peril. It was difficult. And certain cases, it was impossible.

    • AnActOfCreation@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      If your subdomains being public is a security issue then I’d argue something else is wrong. Otherwise you’re using security through obscurity.

      But I appreciate the insight and I see how this was a harder sell back when it happened. Thanks!

      • foggy@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        8 months ago

        Not necessarily. Let’s say you’re a known contributor to a closed source project. You don’t want people knowing you have a locally hosted gitlab instance at gitlab.mydomain.com, for example.