Posted on

Chrome Blitz on Insecure Websites

Google’s Chrome browser set to ‘shame’ sites without secure domain

Vintage chrome Chopper bike.
Secure, as in this chrome Chopper being tied to a cyclist’s post.

 

Web browsers, when kept to speed with the latest updates are made more secure, immune from the latest insecurities. This year, Google is set to go a step further. Through its Chrome browser, it intends to ‘shame’ websites that are hosted on a HTTP domain.

What Google intends to do on its Chrome browser, is alert users of such sites with the use of a crossed padlock icon. This being the opposite of the standard locked padlock for sites on secure [HTTPS] domains. Google’s plans build on a December 2014 proposal to give priority to sites hosted on HTTPS web domains. The search giant also argues that properly secured websites can be of frustration to surveillance attackers.

At present, a secure domain ensures good results on Google, owing to its security value. So long as secure protocols, key exchanges and cipher suites are kept up to date, your chances of staying on Google is good (ethical SEO methods permitting). Completing the picture is Google’s Security Panel, whose aim is to check the validity of digital certificates. From there, it will check to see if the certificate is valid or not. If valid? Locked padlock on Chrome. If otherwise, the crossed padlock.

Not only Chrome

Two other browsers could incorporate this feature in future months. Firefox and Opera have expressed an interest, working with the EFF [Electronic Frontier Foundation] and the Tor Project. They are working under the banner of HTTPS Everywhere whose aim is to ensure secure web browsing for all users. Another group, known as Encrypt All The Things, aims to pursue a similar path, and has gained the support of Reddit, Twitter and Dropbox.

Google’s concerns have come at a time when governments around the world are trying to snoop on web browsers. Through Chrome they are doing online consumers a service, but on the other hand, some unscrupulous concerns may find other methods to fleece potential customers.

By the end of 2017, we at Net66 can see HTTPS hosted sites being commonplace. With public WiFi being abundant in urban centres, Google are on the right track.

What are your opinions on Google’s decision to ‘shame’ insecure websites? Feel free to add to the discussion.

Net66, 28 January 2016.