Should feeds require HTTPS?
Mon, Dec 3, 2012 at 4:52 PM by Dave Winer.
  • A picture named accordionGuy.gifI said no, feeds should not require using HTTPS, and got an email from a developer friend asking me to explain, which I am happy to do.
  • If you think everyone who wants to read your feeds uses an aggregator that's being regularly updated then you won't lose any readers. But maybe you'll miss the one person who could help everyone understand your product.
  • Engineers tend to think users are fungible. One user is as good as every other user. So if you lose 1 percent or 5 percent, no big deal. But it might be a big deal. And it might be more than 5 percent.
  • However if your users are creating great stuff that a lot of people want to read, then it might not matter, because eventually everyone will get to read your feeds, no matter what they're using. Over time, all aggregators will support HTTPS if enough developers of feeds require it.
  • If it should turn out that way, it'll be a pain in the butt to get my aggregator working with HTTPS, but if you make it compelling enough I'll do it. And I'll be pissed because it's time I'd rather spend doing something creative. Not make-work, because I can't see for the life of me why you need to push RSS over a secure connection. :-)