Google Chrome's upcoming security change
October 11, 2018 at 1:10 PM
Earlier this year, the developers of Chrome made a statement that all HTTP pages will be marked as 'Not secure' moving forward, in a bid to encourage even more site owners to move to the more secure HTTPS standard. We now know a little bit more about the planned changes to Chrome's security indicators.
From September 2018 (and the release of Chrome 69), encrypted HTTPS sites will no longer need a green 'Secure' indicator, although the padlock icon will remain to assure users that they are browsing a safe domain. According to sources however, at some point even this padlock will be removed so that HTTPS pages appear simply as the standard.
Similar changes are planned for HTTP sites in order to better warn users of a potential risk to their data security in that, from October 2018 (Chrome 70) the indicator will have a warning icon when data is entered on any HTTP page (see below). This will hopefully safeguard users even further.
Users should expect that the webpage is safe by default, and they’ll be warned when there’s an issue. We hope these changes continue to pave the way for a web that’s easy to use safely, by default.
Why Does HTTPS Matter
You should always check that a website is protected with HTTPS, even if it doesn’t appear to handle sensitive communications/information. Aside from providing critical security the websites and the user’s personal information, HTTPS is a requirement for many new browser features, particularly those required for the ever evolving web apps which we all use at some stage to make our browsing a better experience.
HTTPS protects the integrity of websites
HTTPS helps prevent intruders from intercepting and tampering with the communications/information between websites and user’s browsers. Intruders tend to include intentionally malicious attackers (Hackers), and sometimes even legitimate but intrusive companies.
Intruders use unprotected communications/information to trick users into giving up sensitive information or installing malware which is used to infect your device and collect further personal information. Above I’ve mentioned that some legitimate companies may conduct similar behaviour whereas they will try to insert their own advertisements. When these companies inject advertisements into websites they could potentially break user experiences and create security vulnerabilities.
HTTPS protects the privacy and security of users
One common misconception about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications or hold sensitive information. Every unprotected HTTP request can potentially reveal information about the behaviour’s and identities of users. Although a single visit to one of your unprotected websites may seem harmless, some intruders look at patterns with regards to the browsing activities of users to make it easier to anticipate what you’ll do next, and to un-encrypt their identities.
HTTPS is the future of the web
New web platform features, such as taking pictures or recording audio, or enabling offline app experiences, require explicit permission from the user before executing. Many older APIs (Plugins) are also being updated to require permission to execute, such as wanting to know your location when browsing specific websites. HTTPS is crucial in these components of permission workflows for both new features and updated APIs (Plugins).
If you would like any further information on features or have any other queries, please feel free to contact us at firstname.lastname@example.org
Created by Daniel Monsanto