Monday, February 12th 2018

Google To Integrate "Not Secure" Tag in Websites Sans HTTPS

Google has been one of the more vocal advocates of an HTTPS-based web, and the company is mounting an offensive of sorts that aims to push web page managers to adopt the more secure protocol. Starting in July of this year, with Chrome 68, the Google web browser will start marking all non-HTTPS websites as "Not secure", thus warning users of heightened security risks. From the way Google is doing this, it seems the company hopes that users who see the "Not secure" badge on web pages will gradually start choosing other options for their web surfing habits - HTTPS-enabled options, ideally - and thus force page managers to upgrade their security to stem the loss of their user base.

Google offers some interesting figures on the adoption of HTTPS: over 68% of Chrome traffic on both Android and Windows is now protected; over 78% of Chrome traffic on both Chrome OS and Mac is now protected; and 81 of the top 100 sites on the web use HTTPS by default (which this editor would personally expect to be closer to 100 out of 100, but there are just some websites that really can't be moved). In the blog post announcing the change, Google engineers also bring attention to the company's Lighthouse utility, which automagically scans web pages for non-HTTPS elements, highlights them, and notes those that can easily and painlessly be converted to their secure, HTTPS equivalent - which, in some cases, might even enable more powerful tools.
Source: Chromium Blog

8 Comments on Google To Integrate "Not Secure" Tag in Websites Sans HTTPS

#1
EarthDog
Haven't they been doing this for a while? I recall my Chrome doing this for several months now?
#2
R-T-B
EarthDog said: "Haven't they been doing this for a while? I recall my Chrome doing this for several months now?"
Firefox has.
#3
evernessince
HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more commonplace, they will become a real issue.
#4
Prima.Vera
evernessince said: "HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more commonplace, they will become a real issue."
Like what?
#5
EarthDog
Lol, everything is hackable...https is better than nothing.
#6
lexluthermiester
evernessince said: "HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more commonplace, they will become a real issue."
While you are correct, it takes serious resources and a delivered effort to pull off. When it comes to typical web browsing habits, the government is not going to waste their time and effort. General hackers however don't have the massive compute power needed to do something like that. But you're also right about moving on. The industry needs to stay ahead of the curve and move to 512bit ciphers.
EarthDog said: "Lol, everything is hackable...https is better than nothing."
Right. But it is still strong enough to stay effective.
#7
evernessince
lexluthermiester said: "While you are correct, it takes serious resources and a delivered effort to pull off. When it comes to typical web browsing habits, the government is not going to waste their time and effort. General hackers however don't have the massive compute power needed to do something like that. But you're also right about moving on. The industry needs to stay ahead of the curve and move to 512bit ciphers.

Right. But it is still strong enough to stay effective."
Yeah, I agree on that point. My only worry is that we aren't staying ahead of the curve. Hackers at some point will have the resources and we have to be prepared. If I've been taught anything by the last 2 years, it's that you want to be proactive with your security measures.
#8
lexluthermiester
evernessince said: "it's that you want to be proactive with your security measures."
Could not agree more.