Downloads are no longer available over HTTPS?

Post by dark_moon » 2017-05-11, 20:10

I wonder why the Pale Moon downloads on the website are no longer available over HTTPS.

Post by New Tobin Paradigm » 2017-05-12, 00:23

They never were or should have never been offered via HTTPS. Doing so for public files adds a lot of overhead and work for the servers. Besides, there are PGP keys and/or SHA256 hashes for you to confirm authenticity. If that isn't enough and the download is suspect you can always ask...

Post by BenFenner » 2017-05-12, 15:46

Tobin, you're forgetting one of the (main?) benefits of encryption. What about those who want to download the file, and maintain privacy by not announcing to anyone listening that they are downloading said file?

Post by hackerman1 » 2017-05-12, 17:09

Why do you need to hide that you are downloading Pale Moon...? :?
You can use a VPN if you need to hide your traffic.
Administrator on Windows Server to Workstation
Moderator (and "undercover" Admin) on The Windows Club Forum

Security: EAM, Comodo Firewall and HIPS, WinPatrol+, HOSTS-file, UAC (max), Sandboxie, NoScript and ADBlock.

Post by dark_moon » 2017-05-12, 17:36

I never said I need to hide my traffic.
Even a VPN doesn't hide your traffic; it just goes first over the VPN and then to your ISP. Yes, it's then encrypted, but you need to trust the VPN more than your ISP. Can you do that?

Also, downloads over HTTPS are for integrity, but the GPG and checksum file over HTTPS is fine.
I thought Pale Moon itself was available over HTTPS. My bad memory... :D

Post by GMforker » 2017-05-12, 18:07

BenFenner wrote: Tobin, you're forgetting one of the (main?) benefits of encryption. What about those who want to download the file, and maintain privacy by not announcing to anyone listening that they are downloading said file?
Because there are different views...
viewtopic.php?f=26&t=8913#p59358
viewtopic.php?f=4&t=14619&p=107592#p104839

Post by Moonchild » 2017-05-13, 06:19

Downloads have never been available over https, by design.

https exists for security, i.e. secure connections for the transmission of sensitive data, not integrity. Downloading a public binary of Pale Moon is not sensitive data. In-transit tracking of your connections to see what you've downloaded has nothing to do with whether the target site is https or not (and on top, a DNS request for a release mirror host on palemoon.org already gives that away)...

If you don't trust the integrity of what you downloaded, check the SHA-sum, check the cryptographic signatures provided alongside binaries, or check (on Windows) the properties of .exe files, tab digital signatures, for the code-signing signatures which also guarantee an untampered binary.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked
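
Added example (not part of the thread and not Pale Moon project code): the SHA-256 check the replies above refer to, for a file fetched over plain HTTP, with the checksum text obtained separately over a channel you trust, as dark_moon notes. It assumes the checksum list uses GNU `sha256sum` line format; the file name and contents are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed format: "<64 hex>  <name>" (text) or "<64 hex> *<name>" (binary).
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_checksums(text):
    """Return {filename: lowercase hex digest}; reject malformed lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed checksum line: {raw!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_text):
    """True only if the file's digest matches its published entry."""
    name = Path(path).name
    expected = parse_checksums(checksum_text).get(name)
    if expected is None:
        raise KeyError(f"no checksum published for {name}")
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed sample: an intact file, then the same file altered."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "browser-installer.bin"  # hypothetical file name
        p.write_bytes(b"constructed installer bytes")
        published = f"{sha256_file(p)} *browser-installer.bin\n"
        intact = verify_download(p, published)
        p.write_bytes(p.read_bytes() + b"\x00")  # simulate in-transit change
        tampered = verify_download(p, published)
    return intact, tampered
```

A missing entry raises instead of returning False, so a download that was never listed is not confused with one that failed the check.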