The new label creates a distraction now because until recently, we saw the familiar green lock icon telling us the site we’re visiting protects us with SSL encryption and reminds us by adding the Secure label in the address bar. A click on the green lock icon presented us with details about the site’s security status with a warning about using the site if no encryption exists.
The warning is not there to scare anyone, but to drive home the fact that unsafe websites lead to possible attacks intending to steal personal information. Credit card info and login credentials get compromised by thieves launching a man-in-the-middle attack that tricks you into providing otherwise private information.
To bolster their decision regarding the protocol, Emily Schechter, a Chrome security product manager agrees that encryption is something that web users should expect by default.
Privacy issues associated with HTTP include an Internet provider having the ability to learn where you surf and the pages you view. However, with HTTPS the lax security of HTTP doesn’t exist, but using it is an important step in securing personal and private information regardless if the site doesn’t take part in collecting data from visitors and their personal browsing history. For example, if a person browses adult sites or other personal and confidential areas of the web, information about their activities gets encrypted so prying eyes can’t see it.
Coffee shops and similar gathering places have for years been the targets of hackers, or more specifically, the Internet traffic within. Sophisticated thieves capture unencrypted personal information sent back and forth via the open wireless hotspot in the coffee shop. It’s not uncommon for people to see full-page ads sent by hackers designed to trick them into providing credit card info.
Encrypted Internet connections within the same coffee shop locks down and secures the connection so the malware ads don’t appear, creating a safer environment. SSL helps protect against malware in this way and helps maintain the website’s integrity.
Placing a warning sign in plain view of Internet users who stumble on an unencrypted website is a step in the right direction according to Ross Schulman, senior counsel at New America’s Open Technology Institute. In January 2017, Chrome developers added a warning for users asked to provide credit card info on unencrypted sites, and eventually in its incognito (private) windows.
Google has its critics for implementing their strategy. Those who feel Google is trying to force the web into submission includes one creator of RSS, developer Dave Winer. He objected to Google’s approach and said in part, the fact is they’re forcing it, and the web is so much bigger than the tech industry. That’s the arrogance of this, he says.
Mr. Winer explains his worry that forced adoption of secured connections creates an environment of penalties for web developers without the means to retool their sites and it could block or close off older areas of the Internet. He feels this kind of treatment represents overreach and authoritarian behavior. If another approach were taken instead, deliberations would lead to more discussion and others not in the same industry could weigh in and have a voice.
While Chrome leads the way in the adoption of warning users about non-HTTPS sites, Mozilla, the creator of the popular Firefox browser also explored user warnings. Chrome and Firefox together claim 73 percent of browser market share.
Chrome’s traffic comprises Android and ChromeOS and, according to Google, breaks down to 76 percent and 85 percent respectively using an encrypted connection. The increase in its usage sees its boost from Google, and from hosting sites such as WordPress and Squarespace.
Until just two years ago, the universality of encryption was not guaranteed. Out of the top 100 websites, 37 used a secure connection. That number rose to 83 out of the top 100, according to Google. Wired jumped on board the encryption bandwagon in 2016, but not without its own set of headaches lasting for five months. Also, small website administrators see the free encryption services as a windfall for them.
According to Josh Aas, the co-founder of Internet Security Research Group, it would have been unreasonable to expect every website to conform to an encryption standard before free access to it existed.
They enabled site owners access to a secured connection by lowering financial, technical, and educational barriers. Their focus, he says, is on ease of use of encryption through services and is the main push behind the extraordinary growth of site encryption use recently.
The announcement regarding full deployment of encryption around the Internet represents a continuance of the plan to expand its use. Google soon plans to remove the Secure indicator label for secured sites which signifies encrypted connections, showing that it is becoming the expected norm for all sites.
A month later in October 2018, Chrome plans to show users a not secure warning anytime data entry takes place on an unencrypted page. With the addition of encryption, dangers on the Internet still lie in wait, and websites without protection may take a hit. At least for now, however, the presumption is if a site uses an encrypted connection, it is secure. As a secondary security measure, Chrome won’t fail to advise users if a connection is Not Secure.