Why in fuck's sake would you create a new service and not offer TLS/SSL to your free tier clients ?

Because money! Same reason Zoom said they won't offer E2E to the free tier.

I get it. It's clearly money... and money is important , but if the company does this I hear "money is more important than user security" which means they probably don't have dedicated security staff either, because they won't want to pay for them.

I guess you would have liked their free tier if only it had TLS? See, that doesn't pay their bills, that's why.

Also, they don't put their users at risk. People who build actual prod services around the free tier do, and then because they themselves are freeloaders.

@Jilano but today you can get free certs so money yes, but they are trying to force people to use their paid service.

@Fast-Nop Yup. As a paid feature withhold reliability, support, durability, you name in it. I'll pay when I'm ready to move into production. Don't withhold security. That's low.

@devphobe The free tier seems to be meant for testing, and it's totally fine for that. Hence also the limited, but otherwise probably fully functional connection plan.

I bet that even with the limited connection plan, some cheapskates would try to base their prod setup on the test tier.

Kinda unrelated but I absolutely love how some web hosts only work with free Let's Encrypt certs if you're on an expensive enough hosting plan

@12bitfloat My previous hosting provider tried to pull off that shit, along with the some "but phishing sites use LE" moron logic.

Now I'm with another provider who got it right, and the previous provider lost me as paying customer instead of nudging me into an upgrade. When leaving, I made it clear to them in in no uncertain (but professional) terms why I left.

@Fast-Nop sure, some phishing sites do use LE.

But if thats a problem, all phishing sites use the internet, better avoid that to ;)

Do a handshake and forget about it