• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Google To Integrate "Not Secure" Tag in Websites Sans HTTPS

Raevenlord

News Editor
Staff member
Joined
Aug 12, 2016
Messages
1,519 (2.71/day)
Likes
1,341
Location
Portugal
System Name The Ryzening
Processor Ryzen 7 1700 @ 3.7 GHz
Motherboard MSI X370 Gaming Pro Carbon
Cooling Arctic Cooling Liquid Freezer 120
Memory 16 GB G.Skill Trident Z F4-3200 (2x 8 GB)
Video Card(s) TPU's Awesome MSI GTX 1070 Gaming X
Storage Boot: Crucial MX100 128GB; Gaming: Crucial MX 300 525GB; Storage: Samsung 1TB HDD, Toshiba 2TB HDD
Display(s) LG 29UM68P (21:9 2560x1080 FreeSync Ultrawide)
Case NOX Hummer MC Black
Audio Device(s) ASUS Xonar DX
Power Supply Seasonic M12II Evo 620W 80+
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
#1
Google has been one of the more vocal advocates of a HTTPS-based web, and the company is mounting an offensive of sorts that aims to push web page managers to adopt the more secure protocol. Starting July of this year, with Chrome 68, the Google web browser will start marking all non-HTTPs websites as "Not secure", thus warning users of heightened security risks. From the way Google is doing this, it seems the company hopes users that see the "Not secure" badge on web pages will start gradually choosing other options for their web surfing habits - HTTPS-enabled options, ideally - and thus force page managers to upgrade their security to stem the leaving user base.

Google has some interesting bullet points as it pertains to the adoption of HTTPS; they say that over 68% of Chrome traffic on both Android and Windows is now protected; over 78% of Chrome traffic on both Chrome OS and Mac is now protected; and that 81 of the top 100 sites on the web use HTTPS by default (which this editor would personally expect to be closer to 100 out of 100, but there are just some websites that really can't be moved). In the blog post announcing the change, Google engineers also bring attention to the company's Lighthouse utility, which automagically scans web pages for non-HTTPS elements, highlighting them, and noting those that can easily and painlessly be converted to their secure, HTTPS equivalent - which in some cases, might even enable more powerful tools.

 
Joined
Dec 31, 2009
Messages
11,971 (4.02/day)
Likes
6,619
Location
Ohio
System Name Daily Driver
Processor 7960X 4.5GHz 16c/16t 1.2V
Motherboard MSI XPower Gaming Titanium
Cooling MCR320 + Kuplos Kryos NEXT CPU block
Memory GSkill Trident Z 4x8 GB DDR4 3600 MHz CL16
Video Card(s) EVGA GTX 1080 FTW3
Storage 512GB Patriot Hellfire, 512GB OCZ RD400, 640GB Caviar Black, 2TB Caviar Green
Display(s) 27" Acer Predator 144hz IPS + Yamakasi 27" 2560x1440 IPS
Case Thermaltake P5
Power Supply EVGA 750W Supernova G2
Benchmark Scores Faster than most of you! Bet on it! :)
#2
Haven't they been doing this for a while? I recall my Chrome doing this for several months now?
 
Joined
Aug 20, 2007
Messages
8,200 (2.13/day)
Likes
7,216
System Name New Genesis
Processor AMD Ryzen 1800X @ 4.1Ghz All Cores
Motherboard GIGABYTE X370 Aorus Gaming 5
Cooling A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-1T
Video Card(s) NVIDIA Titan XP Star Wars Collectors Edition (Galactic Empire)
Storage HGST Ultrastar 7k6000 2TB HDD (128MBs of Cache)
Display(s) BenQ BL3200PT (a 1440p VA Panel with decent latency)
Case Thermaltake Core X31
Audio Device(s) Onboard Toslink to Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Keycaps, Blue legends
Software Windows 10 Enterprise (From former workplace, yay no telemetry)
Benchmark Scores FS/TS Extreme FS 14011:https://www.3dmark.com/fs/14938447 TS 4769:https://www.3dmark.com/spy/3315715
#3
Joined
Jul 13, 2016
Messages
415 (0.70/day)
Likes
226
#4
HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more common place, they will become a real issue.
 
Joined
Sep 15, 2011
Messages
4,441 (1.89/day)
Likes
1,107
Processor Intel Core i7 3770k @ 4.3GHz
Motherboard Asus P8Z77-V LK
Memory 16GB(2x8) DDR3@2133MHz 1.5v Patriot
Video Card(s) MSI GeForce GTX 1080 GAMING X 8G
Storage 59.63GB Samsung SSD 830 + 465.76 GB Samsung SSD 840 EVO + 2TB Hitachi + 300GB Velociraptor HDD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Anker
Software Win 10 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
#5
HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more common place, they will become a real issue.
Like what?
 
Joined
Dec 31, 2009
Messages
11,971 (4.02/day)
Likes
6,619
Location
Ohio
System Name Daily Driver
Processor 7960X 4.5GHz 16c/16t 1.2V
Motherboard MSI XPower Gaming Titanium
Cooling MCR320 + Kuplos Kryos NEXT CPU block
Memory GSkill Trident Z 4x8 GB DDR4 3600 MHz CL16
Video Card(s) EVGA GTX 1080 FTW3
Storage 512GB Patriot Hellfire, 512GB OCZ RD400, 640GB Caviar Black, 2TB Caviar Green
Display(s) 27" Acer Predator 144hz IPS + Yamakasi 27" 2560x1440 IPS
Case Thermaltake P5
Power Supply EVGA 750W Supernova G2
Benchmark Scores Faster than most of you! Bet on it! :)
#6
Lol, everything is hackable...https is better than nothing.
 
Joined
Jul 5, 2013
Messages
1,473 (0.87/day)
Likes
688
#7
HTTPS is great as a basic level of security but it's time we move past it. It's already been proved hackable with multiple different methods, including tools used by the NSA. Once these methods become more common place, they will become a real issue.
While you are correct, it takes serious resources and a delivered effort to pull off. When it comes to typical web browsing habits, the government is not going to waste their time and effort. General hackers however don't have the massive compute power needed to do something like that. But you're also right about moving on. The industry needs to stay ahead of the curve and move to 512bit ciphers.
Lol, everything is hackable...https is better than nothing.
Right. But it is still strong enough to stay effective.
 
Joined
Jul 13, 2016
Messages
415 (0.70/day)
Likes
226
#8
While you are correct, it takes serious resources and a delivered effort to pull off. When it comes to typical web browsing habits, the government is not going to waste their time and effort. General hackers however don't have the massive compute power needed to do something like that. But you're also right about moving on. The industry needs to stay ahead of the curve and move to 512bit ciphers.

Right. But it is still strong enough to stay effective.
Yeah, I agree on that point. My only worry is that we aren't staying ahead of the curve. Hackers at some point will have the resources and we have to be prepared. If I've been taught anything by the last 2 years, it's that you want to be proactive with your security measures.