Google is stepping up its campaign to end the use of unencrypted internet sites and from July the Google Chrome browser will mark any website which is not using HTTPS as being insecure.
For a long time, all websites made use of the HTTP protocol which offers sites no protection or security. But in recent years, more and more have switched to use the HTTPS protocol. This protocol helps to keep your browser data and online habits safe from prying eyes by encrypting data traffic as it travels between your web browser and the site itself.
All HTTP sites to be marked ‘insecure’
Google has long been pushing for all sites to use the more secure HTTPS protocol. In the most recent versions of its Chrome browser, Google already highlights the security risks of any HTTP site which can ask for user data, credit card details, or passwords. Users will see an ‘I’ symbol inside a box appear in their address bar.
But from July, the warning will apply to all HTTP sites, without exception. It will also be far more explicit than just a cautionary icon too. Instead, the address bar of all HTTP websites will feature the words ‘Not Secure’ ahead of the site’s address.
Some internet users may not notice this to start with. That is because the majority of popular sites already use HTTPS as standard and have done for some time.
According to Google Data, 81 of the top 100 most popular sites on the web already employ HTTPS by default. They also claim that 80% of the traffic that passes through their Chrome browser on Mac is encrypted, with the figure for their Windows browser being only slightly less, at 70%.
As Emily Schechter, Google Chrome’s product security manager explained in a blog post announcing the move, this was ultimately the deciding factor for the company.
“Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year, we think that in July the balance will be tipped enough so that we can mark all HTTP sites,” she explained.
If you are wondering why HTTPS is so important for websites, then Adrienne Porter Felt, a colleague of Schechter’s in the Chrome product security team gave four powerful reasons for using it on her Twitter feed to coincide with the announcement.
The reasons she gave were that HTTPS is not beneficial to Google specifically, as some conspiracy theorists have claimed, but every internet developer. She made the point that it pre-dates Google and actually dates back to 1994 when Netscape created the SSL protocol.
She also said HTTPS enhances the user experience, improves browser functionality, and enables ServiceWorkers, which enable websites to continue working in difficult network conditions, to function properly, as these are too powerful for HTTP sites.
The likely impact of Google’s stance
But while these figures show that the use of HTTPS is now widespread, it is still clearly far from omnipresent. If somewhere between 20% – 30% of websites are still using the insecure HTTP protocol, that still means that there are many thousands of sites that remain insecure.
Some always will do, but others are likely to be pushing into upgrading to HTTPS if users make it clear that they want this. This is what the latest move from Google is likely to lead to.
When most people see the words ‘Not Secure’ in their address bar, they will not necessarily realise this means the site is not encrypted. Many people will interpret that as meaning the site is dangerous or malicious and could pose a direct threat to their online security.
This is likely to see visitor numbers to such sites drop and, if they are smart, they will link this to Google’s new policy and quickly upgrade to HTTPS to remedy the issue.
This is a pretty simple thing to do. Most website management companies and providers offer the service for a small fee with just a few clicks of the mouse. There are other projects dedicated to helping sites upgrade to HTTPS quickly and easily, such as Lets Encrypt and Google’s own Lighthouse tool.
How users can ensure they are always encrypted
The move is a boost for internet users as it allows them to make an informed choice over which websites they visit on the basis of how secure they are. But, many will still want, or need, to visit sites that haven’t moved on from HTTP yet.
To do this, their best bet is to use a VPN. A VPN encrypts all of your online data, from the point it leaves your device to the point it reaches the website you want to visit. This means that all of your online activity is encrypted and secure regardless of whether the website is using HTTPS or not.
The best VPN providers, such as IPVanish and ExpressVPN, also ensure that no user data is retained which means that your online activity is kept private as well as secure.
Google’s stance on encryption on the web is laudable of course. But ultimately, online security will always come down to the practices of individual users. And the best way to keep your online activity safe and encrypted is by using a VPN.