@eli Yeah. Part of the problem here is that the drive to dissociate HTTPS from 'secure' establishing it as a more private norm, while sensible overall, also requires wholesale reeducation of the user base about what is and isn't secure. They're doing all of the changes but none of the education.