by impactworks
Google wants everything on the web to be travelling over a secure channel. That’s why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red “x” over a padlock in the URL bar.
With this upcoming change in Chrome, Google makes it clear that the web of the future should all be encrypted, and all sites should be served over HTTPS, which is essentially a secure layer on top of the usual HTTP web protocol. Several companies and organizations have been pushing for more encrypted sites as part of a campaign to “Encrypt All The Things,” which consists of promoting more websites to abandon the traditional, less secure HTTP protocol and adopt HTTPS.
Currently, Chrome displays only an icon of a white page when the website you’re accessing is not secured with HTTPS, a green locked padlock when it is, as well as a padlock with a red “x” on it when there’s something wrong with the HTTPS page the user is trying to access. The change will draw even more attention to the sites that are potentially insecure.
[clickToTweet tweet=”Contact ImpactWorks today to get your website SSL installed and back towards the top of Google search results!” quote=”The goal of this proposal is to more clearly display to users that HTTP provides no data security.” theme=”style5″]
The internet giant quietly announced this plan back in 2014, when one of the members of the Chrome Security Team sent out a proposal to mark all HTTP websites as “non-secure.”
“The goal of this proposal is to more clearly display to users that HTTP provides no data security,” Google’s Chris Palmer wrote.
On Tuesday, during a presentation at the Usenix Enigma security conference in San Francisco, an engineer at security firm CloudFlare showed how this looks like today when the user enables a special feature in Chrome’s settings, and presumably how it might look like in the future if it’s enabled by default. (You can see the little red “x” on the padlock in the URL bar.)
The future. More like this coming down the pike.
Parisa Tabriz, who manages Google’s security engineering team, tweeted that Google’s intention is to “call out” HTTP for what it is: “UNSAFE.”
The rationale is that on every website served over HTTP the data exchanged between the site’s server and the user is in the clear, meaning anyone with the ability to snoop on the connection, be it a hacker at a coffee shop or a repressive government, could steal passwords, private messages, or other sensitive information.
But HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. This is important because setting up a fake version of a website users normally trust is a favorite tactic of hackers and malicious actors. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.
Google’s intention is to “call out” HTTP for what it is: “UNSAFE.”
Tech and privacy experts applauded Google’s plan.
”Chrome pushing forward on marking plain HTTP as outright insecure is an incredibly strong and pro-user move,” Eric Mill, a technologist who’s been working on web encryption, told Motherboard. ”Despite how common plain HTTP can still be today, it *is* outright insecure, and a real and present danger to users and to the open web.”
Google already signaled its preference for HTTPS websites when it called for HTTPS to be “everywhere” on the web during its 2014 I/O conference, and when it announced that it would rank encrypted sites higher in search results. But the internet giant is far from the only big player on the web pushing for more HTTPS. Mozilla and Apple have both indicated that they want more web encryption. And even the US government has taken important steps in that direction, requiring all .gov websites to be HTTPS by default before the end of this year.
Google hasn’t said when it will make the HTTP flag the default on Chrome, but a Google employee who asked to remain anonymous because he wasn’t authorized to speak to the press told me that there will be an announcement “soon” and that the intention is to make it default “someday, hopefully.” (A Google spokesperson declined to comment.)
But if you want to see how it looks like, you can already turn it on by typing “chrome://flags” in your Chrome browser and then navigate to “mark non-secure as” and selecting “mark non-secure origins as non-secure.”
impactworks
ImpactWorks is continuously working to deliver the highest quality and best-developed creative and technical services to help you launch your business’s Internet and technology initiatives.
I discovered your blog site on google and check a few of your early posts. Continue to keep up the very good operate. I just additional up your RSS feed to my MSN News Reader. Seeking forward to reading more from you later on!…
|The author’s expertise on the subject shines through brilliantly.
I’d have to examine with you here. Which is not one thing I usually do! I take pleasure in reading a post that may make folks think. Additionally, thanks for permitting me to comment!
I appreciate, cause I found just what I was looking for. You’ve ended my 4 day long hunt! God Bless you man. Have a great day. Bye
Renew: An OverviewRenew is a dietary supplement that is formulated to help in the weight loss process.
What is Lottery Defeater Software? Lottery software is a specialized software designed to predict and facilitate individuals in winning lotteries.
What Is Sugar Defender? Sugar Defender is a new blood sugar-balancing formula that has been formulated using eight clinically proven ingredients that work together to balance sugar levels.
Wow, this blogger is seriously impressive!
Great write-up, I’m normal visitor of one’s site, maintain up the excellent operate, and It is going to be a regular visitor for a long time.
Unquestionably believe that that you stated. Your favorite justification appeared to be on the web the easiest factor to consider of. I say to you, I definitely get annoyed while other folks consider worries that they just do not recognise about. You managed to hit the nail upon the top and outlined out the entire thing with no need side-effects , people could take a signal. Will likely be again to get more. Thank you
Incredible! This blog looks exactly like my old one! It’s on a entirely different topic but it has pretty much the same layout and design. Excellent choice of colors!
Francisk Skorina Gomel State University
I as well as my pals happened to be taking note of the good hints found on your web page then at once came up with a horrible suspicion I never thanked the web site owner for those strategies. These women are actually consequently happy to study all of them and have truly been making the most of those things. Appreciation for actually being really helpful and then for utilizing some beneficial subject areas millions of individuals are really eager to be informed on. Our sincere apologies for not saying thanks to you earlier.
Keep up the amazing work!