Chrome’s long-promised HTTP ‘not secure’ website warnings arrive

A slide from a Google I/O talk where the company’s engineers urged website operators to encrypt website connections with HTTPS.


Screenshot by Stephen Shankland/Techhnews

Three and a half years ago, Google predicted that the day would come when Chrome would warn us all of the security risks of using the web’s seminal HTTP technology to deliver web pages to your browser.

That day is today.

Google’s newest web browser version, Chrome 68, gives new prominence to a broad effort to curtail surveillance, tampering and security risks on the web by showing a “not secure” warning for any HTTP website. Instead, Google wants website operators to use HTTPS, which adds encryption to the connection between your browser and the computer hosting a website.

HTTPS blocks a number of problems, like injecting ads, getting your browser to run software to mine someone else’s cryptocurrency or sending you to fake websites used to steal your passwords. For details, check Techhnews’s FAQ on Chrome’s “not secure” warning for HTTP websites.

The “not secure” warning doesn’t indicate that you’ve been hacked — just that you’re not as protected if someone tries to do so.

HTTPS now is commonplace

HTTPS once was rare, protecting logins and e-commerce transactions. But now it’s common. Most of the big sites you might use daily — Facebook, Yahoo, Google, Twitter, YouTube, Reddit — have long offered HTTPS.

But it’s not universal. It’s not hard to find sites like ESPN that send you to an unencrypted HTTP connection even if you specifically type “https://www.espn.com” into your browser’s address bar.

Chrome is changing how it handles websites loaded HTTP, which doesn’t encrypt data. The old way shown at top is being replaced with a “not secure” warning shown in the center example. At bottom is the warning Chrome shows if you click on the information icon.


Stephen Shankland/Techhnews

Chrome is the top browser, accounting for 59 percent of website usage, according to analytics firm StatCounter. So its choices carry a lot of weight.

Protecting website communications with HTTPS used to be more difficult, in part because it cost money. But an effort sponsored by Google, Mozilla, Facebook and others called Let’s Encrypt has made it free to obtain the necessary certificate. It still takes work to update a website to HTTPS, though.

Next phases in Chrome’s HTTPS plans

Google’s stance against HTTP and in favor of HTTPS change has been gradual. It began by with warnings when HTTP was used on web pages where you could share sensitive information like passwords and credit card numbers. Today’s warning, shown in black wording on the left side of Chrome’s address bar, is for any HTTP website.

The change Tuesday that arrives with Chrome 68 isn’t the last, though. Chrome 69 in September will change from today’s green-word “secure” label for HTTPS websites to less obvious black. Chrome 70 in October will change the “not secure” warning to more noticeable red words. And a later version will remove the “secure” label for HTTPS websites, reflecting Google’s belief that HTTPS encryption should be the norm, not something you should have to check for.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: Techhnews looks at the tech powering bitcoin — and soon, too, a myriad services that will change your life.

Source link


Leave a Reply

Subscribe to our newsletter

Join our monthly newsletter and never miss out on new stories and promotions.
Techhnews will use the information you provide on this form to be in touch with you and to provide updates and marketing.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at newsletter@techhnews.com. We will treat your information with respect.

%d bloggers like this: