Google is going to start pointing out when web pages that aren’t encrypted as part of its aggressive and on-going campaign to improve browser security.
Almost the entire Web is built on HTTP, or the Hypertext Transfer Protocol. It’s basically the language that browsers and web pages speak to each other. HTTP is great for a lot of reasons, and its wide adoption is a boon for compatibility, but it’s inherently insecure.
In fact, it’s remarkably easy to intercept traffic to and from unsecured HTTP servers, which is why HTTPS was introduced. As the secure version of HTTP, HTTPS encrypts data sent to and from users, protecting it with an SSL certificate. SSL as a security layer is basically unbreakable, although there are rumors the NSA and British Surveillance have their own methods, and security certificates are sometimes improperly issued, a problem that put Google in conflict with Symantec last year.
Related: The Java browser plugin will die later this year
Chrome distinguishes HTTP from HTTPS pages using an icon to the left of the URL, where the favicon (for example, the tiny Digital Trends logo on this tab) changes based on the security settings of the current page. A standard, un-encrypted site is marked by a white page icon, while a secure site is marked with a green padlock. If a page claims it’s secure, but Chrome spots issues with its implementation, the padlock will be marked with a red X. Clicking the icon in any case will bring up more info on the site.
Soon, sites that are unencrypted will be marked with a padlock and X icon, just like the poorly secured sites. The idea was actually proposed as part of an addition to the Chromium project, but now it appears it will be implemented in the standard version of Chrome as well. It was shown off as a feature during a presentation at the Usenix Enigma security conference.
When this change will make its way into the public version of the browser remains to be seen. It can be enabled in an advanced settings tab by navigating to “chrome://flags” and selecting “mark non-secure origins as non-secure,” a setting that’s simultaneously self-explanatory and confusing.
The move might seem extreme to some, but it’s important to protect your data everywhere on the Internet, not just on sites with passwords or sensitive information. The move towards a completely secure Web is one that everyone is going to benefit from, and if any company can make it happen, it’s Google.
- BlackBerry CEO criticizes Apple for refusal to decrypt data for law enforcement
- Update: Symantec asks Google to remove trust for one of its own certificates
- Want a secure messaging app on desktop? Signal has announced a private beta
from Planet GS via John Jason Fallows on Inoreader http://ift.tt/1QvOcz8
Brad Bourque
More Stories
‘My 401k Misses You’: Black Woman Pumped To Meet Donald Trump In Philadelphia – July 18, 2023 at 04:56PM
Energy Provider Warns of Impending ‘Crisis,’ ‘Blackout Conditions’ Driven By Biden Plans – July 18, 2023 at 04:20PM
Dog starts barking at cows crossing a bridge, so the cows stop to have a look. – July 17, 2023 at 02:27PM