@crunklord420 ok I actually watched the video and it's even more performative than I thought, he brings up good points about root CAs being handed out like they're nothing and how insecure ACME is, and says the one time he installed HTTPS "software" it didn't work and he gave up. He then rolls his own HTTPS server with bogus RSA keys to trick ACME into giving him a cert that can be hacked for less than $100 in compute, as well as not caring about session management which makes it trivial to steal other people's sessions because, he's... lazy? I found his "httpv" (v for vulnerable) project very funny but if it wasn't made under the guise that this was to stick it to Google who puts up scary messages on his unencrypted site that he's too lazy to change, and calls things like updating server software "shaming tactics by max security purists", I wouldn't have thought of it as stupid and pretentious. Also he compares the forceful authentication requirements of modern websites to ICE agents and immigration offices which is so funny and topical. I liked and subscribed.