Unencrypted website? Expect to start being shamed by Google Chrome from January

Graham CLULEY

September 09, 2016


Too many websites are being lax with the security of your passwords and credit card information, and Google says enough is enough.

The problem is this. When you visit a website that asks you to enter your password or payment card details, you want to feel confident not only that the website itself is taking care with how it might store that information, but also that the information is being sent securely from your computer or mobile phone’s web browser to the site itself.

Because if that information isn’t being sent in a secure fashion between your device and the website, a malicious hacker could potentially intercept the data as it is being sent and grab your login password. Perhaps the most well-known risk is when you are using a public Wi-Fi hotspot, where you can never be quite sure whether that guy sitting in the corner is trying to sniff other people’s unencrypted data out of the air.

The good news is that more and more websites have jumped on board the HTTPS web encryption bandwagon, and users will have noticed the green padlock appearing in their browser’s address bar to indicate a secure, encrypted connection.

If you don’t see a padlock icon in your address bar then you should not enter any type of sensitive information (passwords, bank account information, social security numbers, credit card numbers, etc.), because of the risk of eavesdropping.

But wouldn’t it be great if even more sites adopted HTTPS to properly protect our information?

Google certainly thinks so, and has announced that from January 2017 its Chrome browser will be marking “HTTP sites that transmit passwords or credit cards as non-secure”.

[Image: Chrome changes. Source: Google]

The problem up until now is that Chrome hasn’t been explicitly pointing out that you’re on an HTTP webpage:

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.

Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently.

In the future, Google plans to extend its HTTP warnings to cover more scenarios – its ultimate aim is to “label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”

Of course, if Google were to take that step straight away, users would be seeing a *lot* of warnings. It’s a good thing that they’re not rushing to extend the HTTP warning quite so far just yet, as you can imagine how many users would react. That would be a big mistake on Google’s part.

But I wonder if Google is making another mistake in its approach here.

In its warning it says “Not secure”. That’s not really the right terminology. What they really mean is “Not encrypted.”

After all, it’s perfectly possible to have a website that is using HTTPS web encryption and providing security correctly at that level, but is lacking security in other ways.

It would be a mistake, for instance, to find ourselves back in the bad old days when some users believed that the mere existence of a padlock in the browser bar meant that the site could be trusted and considered legitimate, when it was perfectly possible for criminals to set up a website with HTTPS if they wished or compromise a legitimate website that was using web encryption properly.

Maybe I’m shouting into the wind, as educating the public about these semantic differences is surely an impossible task. But let’s hope that users don’t make the mistake of thinking that sites which don’t have the “Not secure” warning are magically safe to use.

That grumble aside, I am in favour of anything which delivers a more encrypted web to the world. Maybe this change in Chrome will make more websites wake up to the importance of switching to HTTPS, especially on those webpages where they are asking for sensitive information.
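For site owners who want to find the pages this change would affect, here is an added example (not code from Google or from the original article) that parses a page's HTML and reports password or payment card inputs that are served over HTTP or submitted to an HTTP URL. Treating `type="password"` and `autocomplete` tokens beginning with `cc-` as the sensitive fields is an assumption of this example, not Chrome's published detection logic, and the `shop.example` pages are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample pages (shop.example is a placeholder, not a real site).
LOGIN_HTML = '<form action="/session"><input name="user"><input type="password" name="pw"></form>'
CHECKOUT_HTML = '<form action="http://shop.example/pay"><input name="card" autocomplete="cc-number"></form>'


class SensitiveFieldAudit(HTMLParser):
    """Records each sensitive input together with the URL its form submits to."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.target = page_url  # inputs outside any <form> count against the page
        self.findings = []      # (kind, field name, submit URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.target = urljoin(self.page_url, a.get("action", "").strip())
        elif tag == "input":
            # Assumed heuristic: password inputs, plus HTML autofill tokens "cc-*".
            is_card = any(t.startswith("cc-") for t in a.get("autocomplete", "").lower().split())
            if a.get("type", "").lower() == "password":
                self.findings.append(("password", a.get("name", ""), self.target))
            elif is_card:
                self.findings.append(("card", a.get("name", ""), self.target))

    def handle_endtag(self, tag):
        if tag == "form":
            self.target = self.page_url


def audit(page_url, html):
    """Return a list of problems; an empty list means nothing was flagged."""
    parser = SensitiveFieldAudit(page_url)
    parser.feed(html)
    problems = []
    for kind, name, target in parser.findings:
        if urlsplit(page_url).scheme == "http":
            problems.append(f"{kind} field '{name}' on a page served over HTTP")
        elif urlsplit(target).scheme == "http":
            problems.append(f"{kind} field '{name}' submits to HTTP: {target}")
    return problems


if __name__ == "__main__":
    for url, html in [("http://shop.example/login", LOGIN_HTML), ("https://shop.example/checkout", CHECKOUT_HTML)]:
        print(url, audit(url, html))
```

An HTTP page is flagged even when its form posts to an HTTPS URL, because the page itself can be modified in transit before the user types anything.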
