Important Google S-Day: Chrome browser now warns about non-HTTPS sites

Users who viewed this discussion (Total:0)


djbaxter

Administrator
Moderator
Joined
Nov 10, 2016
Messages
1,684
Likes
800
Points
113
True to their word, Google today released version 68 of their Chrome Browser and, as promised, they have changed the way they warn users about potential issues with web sites.

In previous versions, Chrome (and Firefox and most other browsers) alerted users to sites that were not using SSL with a red padlock next to the URL, and sites with mixed content displayed an orange padlock.

Starting with version 68, Chrome now uses a stronger warning system. If you haven't yet converted your site to HTTPS / SSL, now is the time to give it serious consideration. You should also check that your site correctly redirects from HTTP to HTTPS in case anyone enters just the domain name into the browser.

On their Google Chrome Help page, Check if a site's connection is secure, they preview what this now looks like to users:

Check if a site's connection is secure
To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately.
  1. In Chrome, open a page.
  2. To check a site's security, to the left of the web address, look at the security status:
    • L9-ufjZuuR0ma44XqiZ8Zg_JUlR8Kbl1ctaFM52LCu6qv3eppvZV8BVLTDqYHz7mEao=w18-h18.png Secure
    • KFs3BIAZnJiSLNLUM-A4kiRO0GsRu5pDr1loalhlFF4AzpJwWxRc_orjsv2Y1erXJjs=w18-h18.png Info or Not secure
    • google-insecure2.png Not secure or Dangerous
  3. To see the site's details and permissions, select the icon. You'll see a summary of how private Chrome thinks the connection is.
What each security symbol means
These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site.

L9-ufjZuuR0ma44XqiZ8Zg_JUlR8Kbl1ctaFM52LCu6qv3eppvZV8BVLTDqYHz7mEao=w18-h18.png Secure
Information you send or get through the site is private.

Even if you see this icon, always be careful when sharing private information. Look at the address bar to make sure you're on the site you want to visit.

KFs3BIAZnJiSLNLUM-A4kiRO0GsRu5pDr1loalhlFF4AzpJwWxRc_orjsv2Y1erXJjs=w18-h18.png Info or Not secure
The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site.

On some sites, you can visit a more secure version of the page:
  1. Select the address bar.
  2. Delete http://, and enter https:// instead.
If that doesn't work, contact the site owner to ask that they secure the site and your data with HTTPS.

google-insecure2.png Not secure or Dangerous
We suggest you don't enter any private or personal information on this page. If possible, don't use the site.

Not secure: Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.

You might see a "Login not secure" or "Payment not secure" message.

Dangerous: Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.
 

djbaxter

Administrator
Moderator
Joined
Nov 10, 2016
Messages
1,684
Likes
800
Points
113
Dave Winer is one person who has made a point of NOT converting to SSL.

From his blog, Scripting News, yesterday, he explains:
Apparently tomorrow is the day Google will start flagging sites that use HTTP, the standard web protocol, as "not secure." Curious to see how people react. BTW, this link has auto-playing video. It may be "secure" but it's also obnoxious. This blog and all my other sites use HTTP. I don't see that changing. I expect this will make writing for the web more of a chore. That's life I guess. I don't want Google to be able to mold the web to its needs. I never signed on to being a Google developer, and never would. Basic rule: Google is a guest on the web, as we all are, and guests don't make the rules.
Here's what that site looks like today in Firefox:

Firefox-Not-Secure.png

And here's what it looks like in Chrome:

Google-Chrome-Not-Secure.png

Not a huge difference for this site but still noticeable.
 
Top