From July, Chrome will name and shame insecure HTTP websites

Shame! Shame! says carrot-dangling Google


Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections.

Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility.

Later this year comes the stick. This summer, Google will mark non-HTTPS websites as insecure in its Chrome browser, fulfilling a plan rolled out in September 2016.

Starting with Chrome 68, due to hit the stable distribution channel on July 2018, visiting a website using an HTTP connection will prompt the message "Not secure" in the browser's omnibox – the display and input field that accepts both URLs and search queries.

"Chrome's new interface will help users understand that all HTTP sites are not secure, and continue to move the web toward a secure HTTPS web by default," Google explained in a draft blog post due to be published today and provided in advance to The Register.

Warnings ... How users will be alerted

Beware the looming Google Chrome HTTPS certificate apocalypse!

READ MORE

Because Chrome holds something like 56 per cent of the global browser market share across mobile and desktop platforms, Google's name-and-shame label is likely to be noticed by a great many Chrome users and by any websites those fans no longer visit due to security concerns.

While many websites will be affected, plenty are already in compliance. According to Google, 81 of the top 100 websites use HTTPS by default, over 68 per cent of Chrome traffic on Android and Windows occurs over HTTPS, and over 78 per cent of Chrome traffic on Chrome OS and macOS and iOS travels securely.

Google offers a free security auditing tool called Lighthouse that can help developers identify which website resources still load using insecure HTTP.

The Chocolate Factory's shunning scheme follows a similar tack the company has taken to issue warnings to websites that rely on dodgy Symantec digital certificates. ®

PS: You can get free legit SSL/TLS certificates to make your site HTTPS from Let's Encrypt.

Similar topics


Other stories you might like

  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • It's a crime to use Google Analytics, watchdog tells Italian website
    Because data flows into the United States, not because of that user interface

    Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.

    The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.

    So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.

    Continue reading

Biting the hand that feeds IT © 1998–2022