Two years ago Google said that it would punish those that had websites that were not secure and did not implement the HTTPS secure protocol. Emily Schechter (Chrome Security Product Manager) has said that “Encryption is something that web users should expect by default” and this month (July 2018), Google have finally followed through with the threat.
Websites with unencrypted connections in the new Google Chrome 68 will now display “NOT SECURE” in the URL bar. Previously, visitors were only able to see if the website was insecure by clicking on the padlock symbol for more information. Firefox browser now also displays similar warnings for HTTP websites – and as Firefox and Google Chrome currently hold approximately 75% of browser market share it is a website implementation which cannot continue to be ignored.
You will know you are on a non-secure website because the website address will begin with: “http://” – If you are on a secure HTTPS website, the address will begin with: “https://” – and if using the Google Chrome web browser a green padlock symbol will display reiterating the fact that the website is secure.
It is clear that Google Chrome and Firefox are trying hard to promote secure websites and data protection because internet users must understand that using HTTP websites put their personal data at risk. If submitting a web form on a non-secure HTTP website, any information you submit can be intercepted by a hacker. In extreme cases, a hacker can pose as a destination site – tricking you in to handing over credit card information and other sensitive information.
There are also privacy implications for not using secure websites. If you’re browsing on an unsecured connection, hackers may be able to see the websites you are using and the web pages you are viewing.
However, forced HTTPS adoption is not making everyone happy. Developer Dave Winer, one of the creators of RSS, objects to this being imposed upon the open web. He says “The fact is that they’re forcing it. They’re just the tech industry. The web is so much bigger than the tech industry. That’s the arrogance of this.” His worry is that web developers will be penalized for not implementing HTTPS – and the HTTPS implementation in itself can be costly for bigger websites. Wired.com took 5 months to implement HTTPS across the entire website.
Two years ago, only 37% of websites were secure – Now that percentage has jumped to 83% and with the help of Let’s Encrypt it is now easier to implement and manage HTTPS integration.
Google will soon be displaying a bright red padlock symbol in the Google Chrome browser for all non-secure websites – another push for those who have still not implemented HTTPS.
You will notice that the LeanneNorris.co.uk website is HTTPS secure – As are all the websites I build. If you would like to know more or need help with your website security, please get in touch.