
There are a few reasons, but since you worded that question ambiguously, I'm not sure if you know that HTTPS doesn't protect privacy. It can verify data in transit is not tampered with (maybe--see NSA note below), but nothing is anonymous (both sides of the connection, and everyone in the middle, know who they're talking to). Maybe the URL is private, but that's a very low bar for privacy.

There's also a problem with how certificate authorities are run which I strongly disagree with. People trust them because corporations trust them, which is already bad, because those same corporations are in bed with the NSA and probably other "security" agencies (which are hard to tell apart from criminal syndicates). If we moved to an HTTPS-only world (Universe, please forbid) there would be an absolute CA racket, and any website could be censored by having the CA revoke its certificate. I fear very much for that possibility, and I completely disagree with the direction that corporate browsers are taking by moving towards HTTPS-only, and especially false messaging like when Chrome reports websites as "non-secure". Firefox, which along with Mozilla is almost entirely funded with Google dollars, is going the same direction.

Another problem is if an ISP is tampering with a customer's connection, that is a social problem and not a technical one. Sure, some technical measures may mitigate that from happening, but ultimately the problem is social and users of that network should stop using it, or start tunneling their traffic some other way.

I provide HTTPS as a convenience for people downloading my software who otherwise wouldn't check my PGP sigs. Browsers like Chrome have false messaging claiming sites are "not secure" and techno-illiterate users don't understand what that really means, and they complained, so I listened but still advise everyone to check the signatures anyway.

Another major reason is that I don't care to support HTTPS for the rest of my life on my personal website. If I were to start supporting it, then everyone would start linking to the HTTPS version, and then I could never get rid of it because redirecting back to HTTP requires HTTPS. I never collect any kind of data through my website--there are no form submissions, it's read-only and purely serves .html pages (not even server-side rendering). There's not really a purpose to a secure connection for that.

This only scratches the surface of these problems. I won't even get into how certificate authorities assign, then revoke, bogus certificates all the time--but that happens more than they will ever admit to. If you do a search for that, even just on Ars Technica, you'll find a lot of examples.

My biggest complaints may be summarized as, "we need completely distributed human-to-human trust without any corporate authorities."
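The comment's point that "everyone in the middle" knows who a client is talking to is concrete and checkable: the hostname travels in the clear in the TLS ClientHello's Server Name Indication (SNI) extension, before any encryption is negotiated. The script below is an added illustration written for this page, not code from the commenter. It constructs a minimal, simplified ClientHello record (the `build_client_hello` helper, the hostname `example.com`, and the single cipher suite are all constructed assumptions, not a full TLS implementation) and then parses the SNI out of the raw bytes the way a passive observer on the path could, without any key material.

```python
import os
import struct


def _sni_extension(hostname: str) -> bytes:
    """Encode an RFC 6066 server_name extension for one host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    server_name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list


def build_client_hello(hostname: str, include_sni: bool = True) -> bytes:
    """Constructed, minimal ClientHello wrapped in a TLS record (assumption: enough
    framing to be parsed, not a complete or interoperable handshake message)."""
    extensions = _sni_extension(hostname) if include_sni else b""
    body = (
        b"\x03\x03"                                 # client_version (TLS 1.2 wire value)
        + os.urandom(32)                            # client random
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite (TLS_AES_128_GCM_SHA256)
        + b"\x01\x00"                               # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name carried in the ClientHello's SNI extension, or None.

    Reads only the first record; truncated or non-ClientHello input yields None
    rather than raising, which is what a passive parser on the wire should do."""
    try:
        if record[0] != 0x16:                       # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                           # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        pos = 2 + 32                                # skip version and random
        sid_len = body[pos]
        pos += 1 + sid_len
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2 + cs_len
        cm_len = body[pos]
        pos += 1 + cm_len
        if pos + 2 > len(body):
            return None                             # no extensions block present
        ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_len]
            pos += ext_len
            if ext_type == 0x0000:
                i = 2                               # skip server_name_list length
                while i + 3 <= len(data):
                    name_type = data[i]
                    name_len = struct.unpack("!H", data[i + 1:i + 3])[0]
                    name = data[i + 3:i + 3 + name_len]
                    if name_type == 0:
                        return name.decode("ascii")
                    i += 3 + name_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def hostname_in_cleartext(hostname: str) -> bool:
    """True if the hostname's raw bytes appear unencrypted in the ClientHello."""
    return hostname.encode("ascii") in build_client_hello(hostname)


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print("SNI seen on the wire:", extract_sni(hello))          # example.com
    print("hostname bytes in cleartext:", hostname_in_cleartext("example.com"))
```

This is why the comment's "maybe the URL is private" is the right framing: with plain HTTPS the path and query are encrypted, but the server name is not (and the server's IP address never is). Encrypted Client Hello (ECH) is the IETF work aimed at closing the SNI leak, and a defender assessing what an on-path observer can learn about users should treat SNI and destination IP as visible metadata until ECH is deployed end to end.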


