Google Chrome Marking All HTTP Sites “Not Secure” in July 2018
In Q3 of 2016, Panda Security ran a security analysis of their organization’s data and found out that their organization alone has received over 18 million new malware samples in the same period. That is over 200,000 a day!
While the above information seems a little ridiculous, these figures are pretty normal for an average online website. In fact, statistics suggest that there is a high chance that these figures only grow as time passes. However, Google recently announced a revolutionary step of marking all HTTP sites as “Not Secure” in Google Chrome as of July 2018.
In a recent company blog post, Emily Schechter, Google Chrome security product manager announced that the browser will start marking all HTTP websites as “Not Secure” as of July 2018.
The current version of the Google-based web browser displays a neutral information icon (i’) when an HTTP website is opened by a user which the user can click and get the message ‘Your connection to this site is not secure.’ On the other hand, Chrome displays “Secure” instead of the information icon when an HTTPS website is opened on it. While this method also aims towards a secure browsing experience, not all users actually click on the ‘i’ icon or know the difference between an HTTP and an HTTPS website. This is why Google aims to display the “Not Secure” message in a similar fashion.
Google’s decision helps in establishing a stronger online network by making online firm owners switch to an encrypted interface. By doing so, the user’s information is exchanged through a safe medium disallowing any third party to interfere with the transaction. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” says Schechter, “we think that in July the balance will be tipped enough so that we can mark all HTTP sites.”
Other than that, Google also announced improvements to its Lighthouse app which helps business owners shift to an HTTPS network. “Chrome is dedicated to making it as easy as possible to set up HTTPS. Mixed content audits are now available to help developers migrate their sites to HTTPS in the latest Node CLI version of Lighthouse, an automated tool for improving web pages,” says Schechter in her blog post. As suggested by Schechter, the latest updated version of the Lighthouse app comes with a new audit which enables users to identify the resources that are loaded in an HTTP and an HTTPS website. Therefore, shifting from an HTTP network is now very easy as it only requires the operator to change the website’s subresource to that of an HTTPS one.
An Alternative For HTTP to HTTPS conversion
The Electronic Frontier Foundation (EFF) announced the ‘Let’s Encrypt’ initiative in 2016 which allows users to easily shift their HTTP website to an HTTPS one. It is an automated free service giving websites even less of an excuse to adopt the idea of a secure network.
In order to convert to an HTTPS network using ‘Let’s Encrypt’, business owners must prove that they have complete control over their website’s domain. For doing so, it runs a software which uses the ACME protocol and runs on your web host to verify your control over the network.
Since each website is hosted by different providers, the ‘Let’s Encrypt’ verification software is custom tailored according to the client’s website. For identifying which software would work for you, you must figure out whether you have shell access to your web host or not. If you do, you should probably try the Certbot ACME client which automates certificate issuance and installation without any downtime and also comes with an ‘expert mode’ for users wanting to manually set up their HTTPS network. If you don’t, you must use the built-in support provided by your hosting provider. Here, you need to request your hosting provider for the conversion and if they support ‘Let’s Encrypt’ they can claim free certificates for your website on your behalf.
QuadraNet’s Measures Towards Safety
QuadraNet appreciates Google’s steps towards a secure online network. However, we take a step further by assisting our clients to build an even safer platform for their clients. For customers subscribed to our server management services, we are happy to assist with the process of installing a SSL certificate for your website.
Secure Sockets Layer (SSL) certificates are the backbone of a secure online website as they are responsible for the safe circulation of the user’s data within the website’s network. These certificates make sure critical information like credit card details, passwords, etc are easily exchanged between the user and the website owner without any third party interfering.
While using SSL certificates for data circulation, your website encrypts the user’s data into algorithms only understood by the server that you are using for your website. Therefore, the information becomes unreadable to any third party even if they were to gain access to the information transaction in hand. Apart from providing data encryption, SSL certificates also demand authentication. By doing so, they make sure that the user’s information is exchanged via the right medium and within the right server, avoiding all third-party imposters in the process.
Enabling SSL certificates on your website enhances the user experience of your website as it improves its page load times, a definite sign for the client that your website is worth trusting. It is also mandatory for your firm to become PCI compliant and accept payments from your users.
From the above context, we realize that various steps are been taken by a large number of organizations including Google towards building a law-abiding online means of communication. Therefore, as committed members of the online community, QuadraNet is making sure to take all possible actions for helping the community become more secure. For doing so, we personally follow all compliance guidelines set by the government and also work as providers of services to online firm owners which help them build a secure organization.