I think the term “encrypted” should just mean “end to end encrypted” when it comes to describing online services. I don’t care that you’re using TLS.
41
100
13
906
Agree. Relatedly, the fact that you can say this reflects one of cryptography’s most complete success stories. Third-party passive interception of ‘net traffic has basically disappeared as a practical threat.
4
7
1
133
Yeah, the numbers on transparencyreport.google.co… (about halfway down the page) are pretty good. Reasonable people might disagree over whether that's good enough to count as "basically disappeared".

Dec 28, 2021 · 10:45 PM UTC

1
4
The amount of (mostly nonsensitive) cleartext doesn't need to be zero. I can't remember the last time I heard of an actual attack involving passive interception of net traffic. Encryption has forced attackers to (more difficult) endpoint attacks.
2
3
A reason to push non-TLS towards zero is that user agents (e.g., browsers) can't distinguish which sites need which combination of authentication, integrity, and confidentiality. Getting it to zero lets software make more meaningful promises to its users.
1
1