HTTPS is a joke

[MartinMuzatko]

I don't see a point using HTTPS everywhere, when I am just consuming content.
And for making transactions, HTTPS is not enough.
You can acquire a certificate easily these days. So many people are happy to sign in to https://paypaI.com (with uppercase i) and give away their credentials, just because it says "secure" . HTTPS doesn't mean the page is secure or not abusing your data for something else. At best it will securely transmit your data to attackers.

I would love to add to this point that HTTPS is a good first step, but it doesn't prevent attackers from getting your data. You need to deliberately inspect what the website is offering and apply common sense. This would be a perfect place to link to the Sensible Computing part.

[Lissy93]

Objectively speaking, not a single one of these steps is enough- it's when they are all used in combination with each other, when you start to strengthen your defences. But I do agree that this should be clearer.

Also your point about HTTPS is very true, and I wouldn't like the reader to get the impression that they can just use HTTPS or something, and then automatically be safe.
So I added an entry into the Sensible Computingsection, in commit f69585e. But feel free to edit it or add anything else in a PR - Cheers for the suggestion 🙌

[MartinMuzatko]

Looks good. Thank you for the addition :)