You claim the second most important reason for using HTTPS is my privacy, yet you share all pages I visit with Google analytics.
As long as 90 percent of all websites keep using analytics, authorities only have to go to one place with their warrant to get more or less your complete surf history. And by adding SSL to your site you make things like Privoxy useless.
I think its strange no one has pointed this out in the SSL hysteria going on right now.
> You claim the second most important reason for using HTTPS is my privacy, yet you share all pages I visit with Google analytics.
I think that's a totally fair point. Our use of Google Analytics isn't changing any time soon, but we do plan to add a third-party disclosure page that makes it clear what third parties have some window into our visitors' browsing:
This includes otherwise invisible things, like our host, Amazon, and (until we implement OCSP stapling, which is happening soon) our CA during revocation checking (in some browsers).
FWIW, we do turn on the Google Analytics anonymization flag, which instructs Google to chop off the last IP triplet before they write the data into their database. Of course, that depends on trusting Google to keep their promise, but it's something.
As long as 90 percent of all websites keep using analytics, authorities only have to go to one place with their warrant to get more or less your complete surf history. And by adding SSL to your site you make things like Privoxy useless.
I think its strange no one has pointed this out in the SSL hysteria going on right now.