Since you're asking about retro web specifically....
imagine you were an evil trickster demon or something on the mission to completely ruin the retro web/simple web for its users. The hiccup: you can only change one tiny thing about how it works. What would it be?
Force every website to require HTTPS, i.e. encrypt against choices.
Unfortunately, this is not a hypothetical what-if anymore: it has already been ruining the web since last decade because Google (ab)used their power to bury a site deep in search results if it refused to encrypt against users' choice, thus pressuring webmasters to bow down to this policy or be lost in the endless ocean of the Internet -- never to be found by "normies" again.
Plain old unencrypted HTTP is the thing which guarantees that any WWW browser and each WWW server across the entire version range since the late 1990s (1), no matter what hardware/software platform it runs on, can communicate with each other and exchange information. Barring actual uses for which secrecy was essential, like online banking/shopping, logging in with username/password, or showing encryption key information, sites ought not to discriminate against their viewers on the basis of availability of encryption, to achieve the goal of universal availability of information.
HTTPS should be available, but NOT mandatory.
I am old enough to have witnessed the phase-out of SSL 3.0, TLS 1.0, and TLS 1.1, as well as being affected along with a whole swath of browsers and platforms that became cut off from the web as collateral. And now, some pundits even try to push to obsolete TLS 1.2 (the newest version I could use) despite no serious security breakage happening that would make it invalid for security use, i.e. phasing it out wholly because of techno-fashionista reasoning.
I could no longer read All The Tropes since the middle of last month exactly because of this. I haven't tried to contact them about it yet, because I'd have to change machines to do so.
Many servers are also configured to reject TLS connections for the most petty reason possible, such as when the client also said it supported an older protocol version alongside the new one. (This caused a lot of problems with clients that do support the necessary TLS version but don't provide a configuration option to disable older versions.) And this doesn't even account for the hairy issues of ciphersuite incompatibilities that caused something like Opera 11.51 to fail on many websites despite it being explicitly configured to use only TLS 1.2, because it only supported ciphers running in traditional CBC mode.
I also remember the ISRG's Let's Encrypt root certificate trust changeover from years ago, which also barred several generations of mobile devices from the web as well, generating a tsunami of e-waste in the process.
Mandatory TLS is an upgrade treadmill, the antithesis of simplicity, and a bane of technological longevity. It must be terminated.
P.S. And to my great chagrin, the Gemini protocol mindlessly copied this encrypt-against-choice mentality, and inherited this ugly flaw. Instead of being a new protocol which would do the right thing in ensuring proper backward+forward compatibility through time, it puts up an artificial barrier to discriminate against retrocomputers and old software platforms from the start. Thus, for this reason, in the realm of non-mainstream Small Internet protocols, I advocate for the old-school Gopher, and against the newfangled Gemini.
(1) I stressed the late-1990s cutoff specifically, because that was when the transition from nonexistent client support for the HTTP `Host:` header to its mandatory inclusion in HTTP/1.1 took place. Without this header, shared hosting would become inaccessible.