Google plans to alert web users of insecure Non-HTTPS sites

https secure

Google is planning to warn web users about potential security risks involved while visiting websites that have not adopted the secure Hypertext Transfer Protocol (HTTPS) system.

According to a discussion page from Google Chrome engineers moots the change, saying that it could arrive in 2015 and act as a warning flag against sites not adopting HTTPS. Initial alerts will simply label a non-HTTPS site as having “Dubious” security but at a future date, Chrome will start marking such sites as ‘Non-secure’.

The engineers at the Chrome Security Team said in a blog post that the goal of this project is to clearly inform users that HTTP sites fail to provide data security. This information helps them to decide how and whether to interact with the site.

HTTPS websites adopt Secure Socket Layer (SSL) encryption to scramble data as it travels from the client and server. HTTPS websites offer much better data security than HTTP sites. Major browsers like Chrome, Firefox and Internet explorer label a site with padlock icon which informs visitors that their connection is secure.

The team said users need to be alerted because it was known that insecure connections are a treat to cyber thieves and government agencies that can get access to a user’s confidential data.

Though HTTPS protocol; was there for a long time, many sites have failed to adopt it. A survey made by the Trustworthy Internet Movement shows that currently only 33% of websites adopt HTTPS. Another study by High-Tech Bridge shows that only two of the top 100 e-commerce sites automatically ensured their customers used secure HTTPS when purchasing an item or adding them to the shopping cart. About 27 percent did not adopt HTTPS at all for no-critical pages of their website while 7 percent ignored to use HTTPS even for order processing part like checkout, payment and logins.

Earlier this year, Google announced, websites using HTTPS would rank high in search results. Sites that use HTTPS will be more favored by a search engine than HTTP sites. This is just a proposal, not a firm declaration and it is not clear how Google would label those sites. Would it be a pop-up alert or a subtle warning? Would it be the kind of malware warning where Google displays an alert between search results in the actual website, allowing users to decide whether to visit the site or quit? We should wait for the answer.

Via: BBC