Ricardo J. Barberis

Authored Comments

I'm not in favor of HTTPS-all-the-things but I believe you have some misconceptions there.

"HTTPS isn't a magic solution, it won't prevent your service provider from being hacked, and if a hacker gets their hand on the server's data, HTTPS won't prevent them from abusing it."

True, but it's another layer of defense, which is what security is all about. You shouldn't enable HTTPS and call it a day; you do it as part of your overall security, alongside hashing passwords, setting secure cookies, etc.

"HTTPS won't help you with [content integrity]"

Yes it will! It will help prevent man-in-the-middle attacks.
You can have the most secure website on earth, but if you transmit information in plain text anyone can see it and possibly modify it in transit.

The rest is more of the same, you seem to think that HTTPS is being proposed as a solution, when it's only part of the solution, and it's actually a very important part that shouldn't be neglected.

I think we all value our bank's and email's passwords the most, but you're right that we should all give our passwords more importance than seems at first sight.

Here's a couple of posts from Brian Krebs as examples of the uses of a hacked account:

https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revi…