Please invite me somewhere we can share the same network, you know, so you can showcase your brilliance and websites that don't use HTTPS while I steal every piece of personal data I can.
Seriously, security is not a fucking joke, stop dicking around...
No need to be condescending. Many people still haven't learned about security and don't know the difference between https and http. They probably are of the mindset as well that if the site isn't taking or sending data, then they don't need it.
Educate on the reasons instead.
It's what I do, but when they have years of experience it sends me flying. And those dead set on being wrong. I should have tagged the post as a rant
...while I steal every piece of personal data I can.
Would you elaborate this part a little bit? Can you define "personal data"?
The only thing I'm thinking is an MITM attack.
The main (and only?) issue is in fact MITM. But that's just the "open door". You can replace links to have bounces and steal unprotected data, or cross-domain data, without the user necessarily noticing. You could also just grab all cookies and send them to you, etc...
As for the definition, I'd play it safe and use the GDPR's definition of it:
any information relating to an identified or identifiable individual
ok