Reply to post: Dr Marvel's wonder liniment...

Mozilla edict: 'Web-accessible' features need 'secure contexts'

iwrconsultancy

Dr Marvel's wonder liniment...

"What I am not OK with is for my ISP to know which articles I read.."

It's amazing how many people have unrealistic expectations about the security offered by HTTPS.

It DOES NOT prevent your ISP from tracking sites or pages you visit.

It DOES NOT prevent advertisers from acting as MITM, and reading passwords you type into the main website. Or, even logging all keystrokes typed into the browser. It is a trivial piece of coding to demonstrate that this is still possible on an HTTPS site.

It DOES NOT prevent the kind of mass password thefts we've seen so many of in the news recently. This is because the password is decrypted as soon as it arrives on the webserver. Just in time for a malicious process planted on that server to snaffle it.

It DOES NOT correctly identify the source of the data you see in the browser. The 'padlock' info fails to mention that data is also being supplied under numerous other certificates, as well as the declared one.

When HTTPS is used for its intended purpose (protecting single-origin banking transactions) it does the job it was designed to do. It is not HTTPS which is at fault here. It is the hard-sell marketing hype which is the problem.
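The comment's point about content arriving under certificates other than the one behind the padlock can be checked on any page by listing the origins its markup loads from. The following is an added example, not part of the original comment: the page URL, the HTML and all host names are constructed, and the regex-based tag scan is an assumption that is only adequate for this small sample.

```javascript
// Added example: inventory the origins that supply content to one HTTPS page.
// PAGE_URL and SAMPLE_HTML are constructed for illustration only.
const PAGE_URL = "https://news.example/article/42";
const SAMPLE_HTML = `
<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <script src="/js/app.js"></script>
  <script src="https://ads.adnet.example/tag.js"></script>
  <script src="//metrics.tracker.example/collect.js"></script>
</head><body>
  <img src="https://cdn.images.example/logo.png">
  <iframe src="https://widgets.social.example/share"></iframe>
  <form action="/login" method="post"><input type="password" name="pw"></form>
</body></html>`;

// Elements whose URL attribute triggers a fetch when the page loads.
const LOADERS = { script: "src", img: "src", iframe: "src", link: "href" };

function inventoryOrigins(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin; // the origin the padlock describes
  const byOrigin = new Map();
  const tagRe = /<(script|img|iframe|link)\b([^>]*)>/gi;
  for (const [, tag, attrs] of html.matchAll(tagRe)) {
    const name = tag.toLowerCase();
    const attrRe = new RegExp(`\\b${LOADERS[name]}\\s*=\\s*["']([^"']+)["']`, "i");
    const m = attrRe.exec(attrs);
    if (!m) continue; // inline script or tag without a URL
    // Resolve relative and protocol-relative URLs against the page URL.
    const origin = new URL(m[1], pageUrl).origin;
    const entry = byOrigin.get(origin) ||
      { origin, thirdParty: origin !== pageOrigin, tags: [], runsInPage: false };
    entry.tags.push(name);
    // A <script> runs with the embedding page's privileges, form fields included;
    // an <iframe> or <img> from another origin does not get that access.
    if (name === "script") entry.runsInPage = true;
    byOrigin.set(origin, entry);
  }
  return [...byOrigin.values()];
}

// Origins other than the page's own whose code executes inside the page.
function thirdPartyScriptOrigins(html, pageUrl) {
  return inventoryOrigins(html, pageUrl)
    .filter((e) => e.thirdParty && e.runsInPage)
    .map((e) => e.origin);
}

console.log(inventoryOrigins(SAMPLE_HTML, PAGE_URL));
```

For a site owner, the origins returned by `thirdPartyScriptOrigins` are the ones to review first, since only those run code inside the page that holds the login form.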
