Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cloud
    • Cloud
    • Cybersecurity

    Google Chrome Browser to Warn Users of Sites That Don’t Use HTTPS

    Written by

    Jaikumar Vijayan
    Published December 18, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Google plans to introduce a warning system to alert users about potential security risks when they visit websites that do not use the HTTPS protocol.

      Starting in 2015, users of Google’s Chrome browser who visit an HTTP site will receive an alert that the site may not be fully secure. Initial alerts will simply mark a non-HTTPS site as having ‘Dubious” security but at a future date, Chrome will start labeling such sites as ‘Non-secure.”

      “The goal of this proposal is to more clearly display to users that HTTP provides no data security,” members of the Chrome Security Team said in a blog post.

      “We all need data communication on the web to be secure (private, authenticated, untampered),” the blog noted. When a site offers no security, users need to be informed about it so they can decide how, and whether to interact with the site.

      A Google source close to the effort said the company plans on starting up the system throughout next year. But the company does not have specific timing details for websites yet, the source said.

      HTTPS websites use Secure Socket Layer (SSL) encryption to protect traffic between the client and server. The digital certificate that is used to encrypt the session also serves to authenticate the website, thereby providing another level of assurance for the user. HTTPS websites offer much better data protection for users than HTTP sites and protect against man-in-the-middle attacks and spoofed Websites.

      Popular browsers like Chrome, Firefox and Internet Explorer use a padlock icon in the navigation bar to indicate if a website uses HTTPS or not. Going forward, Google’s plan is to have Chrome affirmatively indicate if a website is insecure because it uses HTTP.

      Google’s proposal is part of an ongoing effort by the company to encourage broader adoption of HTTPS. Though HTTPS has been available for a long time, many sites still do not employ it.

      A survey of the top 100 e-commerce sites by High-Tech Bridge in December 2013 for instance showed that only two sites automatically ensured their customers used secure HTTPS when placing orders or putting items in the shopping cart. About 27 percent did not use HTTPS at all for non-critical portions of their Websites while 7 percent did not enforce HTTPS even for functions like checkout, payment and logins.

      Earlier this year, Google said it would start considering a Website’s use of HTTPS when ranking the site in its search service. Sites that use the secure protocol will be viewed more favorably from a search-engine ranking perspective than HTTP sites.

      In order to give website owners time to move to HTTPS, Google will attach only modest significance to HTTPS use at least initially. “But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS,” trend analysts from Google wrote earlier this year.

      Google has also begun encouraging website owners to stop using the SHA-1 hash algorithm in certificate signatures for HTTPS. SHA-1 has been shown to be broken and vulnerable to attacks that it was originally designed to protect against, two security engineers wrote in September.

      “We plan to surface, in the HTTPS security indicator in Chrome, the fact that SHA-1 does not meet its design guarantee.” The warnings will range from a “secure, but with minor errors” notice to “affirmatively insecure.”

      Jaikumar Vijayan
      Jaikumar Vijayan
      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.