In security push, Chrome will soon mark every HTTP page as “non-secure”

Google has said starting later this year its Chrome browser will mark all websites that haven’t adopted HTTPS encryption as “not secure.”

That means any site that doesn’t load with a green padlock or a “secure” message in the browser’s address bar will be flagged as insecure.

Emily Schechter, Chrome security product manager, confirmed in a blog post that the changes will come into effect with Chrome 68, scheduled for July.

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption,” she said in the blog post published Thursday. “And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure’.”

It’s the latest escalation in the search and browser giant’s effort to gradually push more webmasters into adopting HTTPS, a secure encryption standard for data in transit.

That means any data sent from your computer or device to that website is transmitted securely and can’t be intercepted by an attacker. Because HTTPS wraps a secure tunnel around the site and its user, the encryption also serves as a way to ensure that the content hasn’t been modified by an attacker.

The company has employed several other tactics, including ranking sites with HTTPS higher in its search results, as an incentive to drive web developers to adopt the technology.

According to Google, 81 out of the top 100 ranked global websites now use HTTPS by default.

But there are thousands of news and other popular websites that still haven’t made the leap (ZDNet included).

For smaller and younger sites, transitioning to HTTPS can be a breeze. Many hosted solutions and servers offer plug-and-play certificates to enable website encryption in a flash. But for larger, sprawling, and legacy sites, HTTPS can be a nightmare. That’s because everything on the domain has to be secured — and a single outlying element can reduce a page to an insecure one.
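The "single outlying element" problem described above is commonly called mixed content. As an added example (not from the article, ZDNet or Google), this Python script scans the HTML of an HTTPS page for subresources that would still be fetched over plain HTTP; the page URL, the sample markup and the simplified active/passive split are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource.
FETCH_ATTRS = {
    "script": ["src"], "iframe": ["src"], "embed": ["src"], "object": ["data"],
    "img": ["src"], "audio": ["src"], "video": ["src", "poster"],
    "source": ["src"], "link": ["href"],
}
# Simplified split (assumption): "active" content can rewrite the page;
# "passive" content (images, media) cannot, but is still an insecure load.
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}
FETCHING_RELS = {"stylesheet", "icon"}  # <link> types that load a resource

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return  # rel=canonical etc. is a hyperlink, not a fetch
        for name in FETCH_ATTRS.get(tag, []):
            value = (attrs.get(name) or "").strip()
            # Resolve relative and protocol-relative URLs against the page.
            absolute = urljoin(self.page_url, value)
            if value and urlsplit(absolute).scheme == "http":
                active = tag in ACTIVE_TAGS or (tag == "link" and "stylesheet" in rels)
                self.findings.append(("active" if active else "passive", tag, absolute))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/article">
<script src="//cdn.example.com/app.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="http://legacy-ads.example.net/banner.gif">
<iframe src="http://widgets.example.org/poll"></iframe>
<a href="http://other.example.com/">ordinary link</a>
</body></html>"""
```

Run against the sample, it reports the stylesheet, the banner image and the iframe, and ignores the protocol-relative script, the relative image, the canonical link and the ordinary hyperlink, none of which is an insecure subresource load.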

When reached for comment, Georgina Kennedy, director of product, B2B at CBS Interactive, told ZDNet: “After the completion of HTTPS for sister-site TechRepublic, we’re now in the development phase for HTTPS with ZDNet — and this requires thorough testing.”

“Our goal is to be live on HTTPS well before this July deadline,” she added.

Sister-site CNET completed its transition to HTTPS in February last year.

By our count, 88 percent of the top 50 websites featured on Techmeme, a popular news aggregator, are HTTPS by default.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
