Fair point, I am not pretending that everyone will have same requirements and oppinions.
But even with SSL at least the domain is still visible. And in some cases there are ways to infer what URL you actually visited.
I also see companies using MITM successfully in a way that unless you check the cert your self it seems legit. I still use HTTPS when I go to Google but I can see the cert is spoofed.
And what about the people that don't care and are effectively prohibited from using a public data site at all since the site decided to use HTTPS only? Do way say we don't care about them? Since few years back we wanted our sites to be available to everyone, on old browser new browsers, mobiles and so on.
And having people smarter then me (like Roy Fielding) agreeing this does not do much for privacy rather content confidentiality (and actually making communication less private) is not making me any more convinced.
Bottom line, and I don't expect everyone to agree, is that I am all for using SSL even by default, but for public data I would still want to have access to it over plain HTTP.
I want/need that choice, otherwise we are hindering corporation employees and people living in the countries in which governments do massive surveillance. I think it is important for people to realise that SSL is not the ultimate solution for data integrity and specially privacy as it is often posed to be.
