This "non-trivial number of users" is already compromised or very close to it. Because Microsoft is no longer issuing security updates for Internet Explorer on Windows XP, you can probably assume that Internet Explorer on Windows XP is insecure in other ways that could compromise your users' confidentiality.
Startssl.com offers free certs
Unlike web hosting, StartSSL does not auto-renew.
contact your hosting provider, and they should be able to do this for free or a very small charge; if they want an arm and a leg, it's time for you to find a better host.
For a small site, WebFaction will probably work unless much of your audience uses Internet Explorer on Windows XP.
Perhaps operators of a read-only web site with a premium section are afraid that someone will read the premium section by Firesheeping your subscribed user account.
The passive observer can see which IP you're going to, and in everything but Internet Explorer on Windows XP, the passive observer can see which hostname on that IP (the SNI field in the ClientHello message).
Why do we need security to view academic articles?
The site needs SSL's confidentiality to protect your session cookie, which represents your subscription to the journal that includes the academic article, from getting Firesheeped by an eavesdropper. And you need SSL's integrity and authenticity to ensure that the data tables in the article aren't modified in transit.
I fail to see how going to my local news site to read about the new antics of our clown politicians needs to be encrypted [...] I will encrypt what I deem to be sensitive in nature.
Your session cookie, which represents your privilege to read the news site, is "sensitive in nature".
and load slower because the proxy can't cache it when a fellow work colleague visited the site earlier in the day.
Just because your "fellow work colleague" paid for a subscription to your local news site doesn't mean you did as well. Even if the site isn't paywalled, you could install the root certificate of your office's HTTPS proxy and surf through that.
It has bugged me for years that unencrypted plain text data is given a pass, but a self-signed certificate with encryption brings up a warning that requires multiple clicks and in some cases even importing a certificate to get through.
I think this double standard relates to the difference in end users' expectations when they see "http" or "https" in the address bar. People have been conditioned to think it's OK to put in a password or a credit card number just because the URI scheme is "https".
Why must any site be unencrypted?
Because it may not be worth it for every operator of a small web site to pay extra per month to a hosting provider and certificate provider to enable encryption. In the case of StartSSL, this payment is not in money but in the labor to renew every year. And though modern browsers support Server Name Indication (SNI) to allow name-based virtual hosting over HTTPS, HTTPS shuts out those remaining users of Internet Explorer on Windows XP unless you pay your hosting provider extra for a dedicated IPv4 address.
I trust that self-signed cert more than any of your "trusted" CAs you fuckers!
The untrusted certificate warning page offers a button to view and add a certificate. If and only if you have verified the key fingerprint of a particular site's self-signed certificate out of band, it's secure to click that button. Just don't expect the general public to add your own site's self-signed certificate without giving them a secure way to verify that they're not behind a MITM.
If you verify the self-signed certificate the first time you use it, it can't be substituted for another self-signed certificate at any later point in time without triggering an alert.
In other words, the logic commonly used with SSH. But it doesn't help if you happen to be behind a man in the middle "the first time you use it". For this first time, you still need some other way of verifying the key fingerprint.
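An added example, not part of the original comments: a sketch of SSH-style pinning in which the first pin is accepted only when the fingerprint matches one obtained out of band. The PinStore class, its status strings and the byte strings standing in for DER certificates are all constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def display(fp: str) -> str:
    """Format a hex fingerprint the way it is usually read aloud or printed."""
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()

class PinStore:
    """Hypothetical pin store: host -> fingerprint verified on first use."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, der: bytes, out_of_band: str = None) -> str:
        seen = fingerprint(der)
        pinned = self.pins.get(host)
        if pinned is not None:
            # Later visits: any substitution of the certificate is detected.
            return "match" if hmac.compare_digest(pinned, seen) else "changed"
        if out_of_band is None:
            # First use with nothing to compare against: a MITM would look
            # identical to the real site here, so nothing is pinned.
            return "unverified-first-use"
        if hmac.compare_digest(normalize(out_of_band), seen):
            self.pins[host] = seen
            return "pinned"
        return "out-of-band-mismatch"

# Constructed stand-ins for certificate bytes. With a live server the DER bytes
# could come from ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))).
SITE_CERT = b"constructed stand-in: the site's self-signed certificate"
MITM_CERT = b"constructed stand-in: an interceptor's self-signed certificate"
```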
For one thing, the SCOTUS ruling applies to selling individual physical copies. The Steam, Nintendo eShop, PlayStation Store, and Xbox Live Marketplace services make a new copy on each machine where a game is installed. So the first sale rule about importation of a lawfully made copy doesn't quite apply.
And even in the case of disc games, differences in copyright term can still make a copy "not lawfully made". Let me give a more concrete example: Say there was a book written in 1925 by someone who died in 1940, and someone adapts it into a video game. Thus the video game is a derivative work of the book. Selling a copy of the game in Europe is legal because the copyright in the book expired at the end of 2010. Selling a copy of the game in the US would not be legal until the end of 2020. Under what logic would the derivative become legal to sell in the US just because it was lawfully sold in another country with a shorter copyright term?
"adds", typo for "ads", short for "advertisements", which is an immersion-breaking way that some video game developers cover costs that the sticker price alone won't cover.
How much of that 30% is the cost of dubbing the voice acting into German? In Great Britain, they can get away with selling the US version, as American is still mutually intelligible with British English.
Sales tax and the cost of complying with the #VATMESS are included in the price in EUR countries but not in the USD country. That alone makes up for an exchange rate on the order of 1 USD = 0.8 EUR.
I was under the impression that some region coding exists because of different copyright laws. It might be legal to sell a game in Europe but not in the United States if it's based on a work whose copyright has expired in the European Union (70 years after publication for works made for hire) but not in the United States (95 years after publication for works made for hire), or vice versa (US: 95 years after publication for 1923-1977 individual works; EU: 70 years after death of last surviving author for all individual works).