Change to exclusively use HTTPS providers? (and some suggestions of providers to add)

[x11x]

Problem statement

I wonder if it is a good idea to use only HTTPS providers? I can't comment much on specific security risks of using non-TLS providers for this purpose (querying external IP), other than the general well-known risks of plaintext communications. I think the consensus system used in go-external-ip can greatly mitigate MITM attacks, and maybe prevent them completely if at least one provider is using TLS (especially the way go-external-ip is designed to give more weight to TLS providers).

However, on the other hand, is there any real reason to use non-TLS providers when we can change to only HTTPS providers? Is it faster to use HTTP-only providers? (I have not tested, can't see it being that big a difference, especially if we are waiting for multiple providers to get consensus anyway).

All current HTTP-only providers now support HTTPS except:

• http://whatismyip.akamai.com
• http://diagnostic.opendns.com/myip - seems to be down altogether (not being served on HTTP and gives {"message":"Not Found"} on HTTPS)

To make up for removing Akamai, there are others that could be added such as:

• https://ipinfo.io/ip
• https://api.ipify.org/
• https://wtfismyip.com/text
• https://ifconfig.me/
• https://ipkitten.com/
• https://ipecho.net/plain
• https://ip.me/ (from proton.me)
• https://am.i.mullvad.net/ip
• https://domains.google.com/checkip
• https://myexternalip.com/raw
• https://myip.dnsomatic.com/ (from opendns.com)
• https://lumtest.com/myip (from brightdata.com I think? formerly Luminati Networks)
• https://tnedi.me/ (mirror of ident.me as mentioned in #7)

(all of these URLs return plain text when requested from non-browser useragent)

Steps to reproduce

N/A

Environment

N/A

[x11x]

Note: many of those services I linked also offer v4, v6 or both APIs, I have not investigated that yet.