Goodbye HTTP.

Browsers are changing for the better. Starting today, nonsecure requests will not be honored by Google.

Please use HTTPS, Web 2.0 isn’t perfect and we wait for Web 3.0 but until then, please be secure.

Addendum: Before We Said Goodbye to HTTP, We Said Goodbye to Something Else

The push toward HTTPS is right. But it is worth pausing to remember what we are actually mourning when we say goodbye to the old web and why the loss runs deeper than a protocol.

The Internet Before the Lawyers and the Terrorists Got There

In the 1980s and early 1990s, the internet was not a product. It was a place built by researchers, hobbyists, and curious minds who shared the radical idea that information wanted to be free. ARPANET gave way to Usenet, FidoNet, and the BBS scene, where you dialed in at 2400 baud and found communities of people who had made their way there on purpose. There were no algorithms. There were no engagement metrics. There was signal and noise, and you learned to tell them apart. Heck, it was built for an event that never occured – nuclear war.

The World Wide Web that Tim Berners-Lee released in 1991 was a gift: stateless, open, and deliberately without a business model. You published a page because you had something to say. People found it because they were looking. Commerce came later, reluctantly, through a web that was not designed for it.

That internet had problems. It was not equitable. It was technical, often hostile to newcomers, and small. But it had a culture rooted in intellectual honesty: you cited your sources, you gave things away, and trust was earned in public, not manufactured by a recommendation engine.

1998 and 2001: Two Moments That Closed the Door

The Digital Millennium Copyright Act of 1998 was the first significant legislative imposition on a network that had grown up without one. Passed in anticipation of an industry that feared what sharing looked like at scale, the DMCA erected fences around information and handed the keys to rights holders. The chilling effect on linking, quoting, archiving, and building was immediate and lasting. The open web did not die that day, but it began to understand it was not welcome everywhere.

Then came September 11, 2001.

The PATRIOT Act was signed into law 45 days after the attacks , a bill few in Congress had read, passed in grief and urgency, that fundamentally restructured the relationship between the state and the citizen’s digital life. Section 215 authorized bulk collection of communications records. National Security Letters expanded without judicial review. The internet went from a space the government largely ignored to a space the government could compel providers to surveil in secret, with a gag order attached.

Edward Snowden’s 2013 disclosures confirmed what civil libertarians had argued for a decade: the architecture of mass surveillance had been quietly constructed atop the same network infrastructure that carried your email and your searches and your voice calls. The internet did not become a surveillance tool after 9/11. The infrastructure to make it one was assembled steadily, legally, and with industry cooperation, in the years that followed.

Twenty-Five Years of Facebook Selling You Back to Yourself

Mark Zuckerberg launched Facebook in 2004. By 2006 it was open to anyone with an email address. By 2012 it had a billion users and had gone public on a valuation built entirely on advertising revenue derived from behavioral data. The product was never the social network. The product was always you, your relationships, your opinions, your location, your fears, your attention packaged and auctioned in real time to whoever would pay.

This was not a secret. It was the business model, disclosed in plain terms in every earnings call and SEC filing, visible to anyone willing to read it. What was less visible was the precision of it: the shadow profiles of non-users, the off-Facebook activity tracking, the emotional contagion experiments run without consent, and the decade-long claim that the platform was a neutral conduit while it actively shaped what people saw and believed.

Cambridge Analytica made the abstraction concrete. In 2018, it became undeniable that the personal data of 87 million Facebook users had been harvested through a third-party quiz app and used to build psychographic profiles for political targeting. Facebook had known. The data had been transferred in violation of its own policies. The company had done nothing until journalists made it impossible to ignore.

The deeper point is not Cambridge Analytica specifically. It is the 25-year accumulation: a company that normalized the surrendering of identity as the price of participation, that convinced a generation that having no privacy was a reasonable trade for a feed of photographs, and that built an advertising infrastructure so precise that it knows what you want before you do. Meta owns Facebook, Instagram, and WhatsApp. It has more intimate data about more human beings than any organization in history, including most governments.

What HTTP and HTTPS Never Fixed

HTTPS encrypts the connection between your browser and the server. It does not encrypt what you say to Facebook. It does not protect you from the business model. It does not restore the presumption of innocence that bulk surveillance eroded. It is a correct and necessary improvement to a protocol that was never designed for a world of commerce and adversarial actors.

But the internet we are securing with HTTPS is not the internet that was worth securing. The open, federated, curiosity-driven network of the 1980s and 1990s is mostly gone replaced by five platforms, three cloud providers, one advertising duopoly, and a surveillance apparatus that operates at the intersection of all of them.

Goodbye HTTP. We hope the thing we are protecting with HTTPS is worth protecting. The evidence, so far, is mixed.