While at one point nearly every website we visited started with the prefix “HTTP,” that’s not the case anymore. It’s seen as less safe, so the Google Chrome web browser is going to start warning its users when it hits a site that is still HTTP.
HTTP vs. HTTPS
HTTP stands for Hypertext Transfer Protocol. It’s been used on websites since the World Wide Web was invented more than a quarter century ago. Back then they never could have imagined the potential problems that could come with visiting a website that wasn’t secure.
HTTPS (Hypertext Transfer Protocol Secure) can be much safer to use, as like the name says, it’s more secure because it’s encrypted.
“Using HTTP for a website instead of HTTPS has always been problematic,” said the head of cryptography at Cloudflare, Nick Sullivan. “Every interaction you have with a website that is unencrypted is broadcasted to an unknown set of companies in arbitrary locations across the globe.”
“This is a massive privacy problem. It’s also a security problem because the website content can be modified along the way without the user knowing. This invites intermediaries to insert ads, trackers, or malicious software to websites.”
With HTTP websites, nefarious individuals can
- Insert other content such as ads that aren’t supposed to be on the websites
- Insert software that a user can’t see that will mine cryptocurrency
- Use DNS hijacking to redirect visitors to fake websites that will intercept their login info
Even some nations that have governments that control their Internet, such as Egypt and China, can take advantage of the weakness of HTTP.
The United States is against strong encryption techniques, with FBI Director Christopher Wray claiming strong encryption on mobile phones prevents law enforcement from having access to evidence.
Google Chrome 68, 69, 70
But Google wants to warn you when visit a less secure HTTP site. And for that reason, with the release of Chrome 68 on July 24, the browser will begin to warn users when it connects with an unencrypted HTTP website.
Chrome will display the words “not secure” next to the URL in the address bar for websites that are not encrypted. It doesn’t necessarily mean harm will come to you if you visit the website, however. But it may be annoying enough that website owners may want to update their sites to the HTTPS standard.
However, with Chrome 68 in September, instead of seeing the green padlock icon and the word “secure” on HTTPS connections, you’ll only see a black padlock. It seems they want us to realize that a website being secure shouldn’t be something special.
In October, Chrome 70 will be released, and the “not secure” warning in the address bar will then be displayed in a red color to be more alarming to you.
As far as other browsers, Mozilla says when they have a timeline for marking HTTP connections, they will announce it. Safari doesn’t show any alert, and the Edge browser shows an icon for HTTP connections. When it’s clicked, it offers a warning about the website not being encrypted.
The important thing to remember here is that everyone has choices. Just as website owners have a choice whether to update their site from HTTP to the encrypted HTTPS, you have a choice on whether to use Google Chrome with its new escalating warning system or use a browser that isn’t so obtrusive.
If you travel up to your address bar in whatever browser you are reading this article in, you’ll see that Make Tech Easier is secure with HTTPS.
What do you think about these warnings from Google Chrome? Do you think it will bother you to be warned every time you enter a non-secure website? Or will you be glad that they are taking the steps to warn you: Let us know what you think in our comments section below.
Image credit: Closeup on the screen with depth of field and focus on the padlock by ktsdesign/Shutterstock