Chrome Will Soon Red Flag Unsafe Websites

By:  |  Category: Blog, Security Thursday, February 8th, 2018  |  No Comments

Google has always been way ahead of the game when it comes to browsing securely.

For the last eight years Gmail service has run over an encrypted connection by default and moved to the standard four years ago. In their final move to block roaming eavesdroppers, this summer the Chrome browser will begin to “label” any website unsecure if it’s not encrypted.

Time to get those SSL certs in place!

This action goes into effect in July with the release of Chrome 70, fulfilling a promise Google made three years ago.

How will this move affect you? If you use Chrome, you will start noticing lots of “not secure” warnings on the left side of the browser at the top of your screen. Don’t worry, you have probably been going to these sites all along without realizing they weren’t encrypted, but be cautious if you are exchanging money or private information.

Is Encryption Difficult to Get? No–for small websites it’s very easy. Certainly, encryption used to be a cost prohibitive, sluggish beast that made it difficult for most users to acquire, but these days you can get an SSL certificate for free thanks to non-profits like “Let’s Encrypt.  A larger website may need to make some adjustments in their coding to remain compliant.

Why the Need to Encrypt? 
First, encryption keeps malicious actors from messing with webpages — for example, inserting ads or altering websites to send you to a bogus sign-in page. It also protects your browsing history, even looking at particular news stories or Wikipedia pages can reveal personal information to advertisers or, in some parts of the world, political surveillance agents.

Encryption also makes catching bad guys a heck of a lot harder for authorities who used to simply wiretap phones and record conversations. FBI Director Christopher Wray in January spoke against unbreakable encryption, a common theme among politicians and law-enforcement officials.

The only problem with their concern is that there’s no way to make encryption breakable for legitimate investigations without breaking it for logging in to websites, buying books on Amazon, and protecting privacy. For this reason, encryption proponents and Silicon Valley companies have strongly opposed weakening encryption.

Other browsers are moving towards encryption with measures similar to Chrome’s. And they’re also incentivizing website developers by offering  new web technology only when websites are encrypted.

Encryption is now the new standard. According to Firefox statistics, 70 percent of webpage visits now are encrypted, up from about 28 percent three years ago.

Google announced the move on its Chromium blog, offering tips to web developers who have to wrestle with the transition. According to Google’s measurements, 81 of the top 100 websites today encrypt websites by default. More than 68 percent of traffic on Chrome for Android and Windows is encrypted now, and the figure is even higher, 78 percent, for laptops running Apple’s MacOS and Google’s Chrome OS.

“Developers have been transitioning their sites to HTTPS [encryption technology] and making the web safer for everyone. Progress last year was incredible,” Emily Schechter, Chrome’s security product manager, said in the blog post.

If you need help transitioning your business website to comply with the new standards give EnhancedTECH a call at 714-970-9330 or contact us at [email protected] for a complimentary consultation.

Source Image: https://unsplash.com/photos/leqrylJNYUQ

Leave a Comment
Read previous post:
Starbucks hit by Public Wi-Fi Attack

Starbucks is always an easy place to go when working on the road--reliable and strong coffee, easy Wi-Fi access and...