(July 17, 2018 at 9:56 pm)Jehanne Wrote: I understand what you are saying; maybe a non-profit certification authority could do the heavy-lifting?
How would sites be certified? What would certification actually mean? Would Joe "Look, Ma, I can do WordPress all by myself" Schmo be able to get certified? What if, after certification, their site gets pwned one way or another? What about false positives - sites still in development that are mistakenly/accidentally pushed to the public (it happens more than it should)?
There are a ton of sites out there. New, legit sites are popping up all the time. We're only just beginning to get heavy SSL adoption with Let's Encrypt, but, from a technological standpoint, it's child's play. Especially on shared hosting where it's literally a control panel button click. As a defined problem, it's trivial - is the connection between client and host encrypted? Determining a site's overall safety, or, even more, it's intent is a much harder problem to solve.
Not saying it can't be done, but it's not as simple as just making a white list of certified sites and calling it a day. There's a lot to consider, especially regarding the tension between how stringent the hypothetical certification process would be and the idea of an open internet. That, and browser adoption. The vendors have their own interests, and generally speaking, one of Apple/Microsoft is usually absent of any kind of joint foundation whose mission is setting some kind of web standard.
"I was thirsty for everything, but blood wasn't my style" - Live, "Voodoo Lady"
