With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as “NOT SECURE” in the address bar. The company has started sending out warning emails to web owners in August as a follow-up to an announcement by Emily Schechter, Product Manager of Chrome Security Team, back in April.
Why is Google pushing HTTPS?
The motivation for Google’s drive for websites to switch to HTTPS lies predominantly with website security. Earlier this year, Google released notifications that secure-data must be safeguarded. This incorporates (although not limited to) sites that gather customer data, for example, sites collecting personal information or credit card details. The thing with the standard HTTP is that it essentially allows unsanctioned people to worm their way into a device and steal all the valuable information. Google is resolute in wanting to avoid the security breaches by strongly encouraging the move from HTTP to the secure HTTPS.
Explaining the HTTPS everywhere campaign
‘HTTPS Everywhere’ is a campaign rolled out from Google, and when talking through the initiative, Pierre Far from the Google Webmaster team and Ilya Grigorik from the Google Developer team, enlightened people on why Google believes every site needs the security Google is striving for.
Their view is that a single search might not divulge a lot about any of us. However, when there’s an accumulation of searches and website visits to see, articles we read and music we listen to online, it soon becomes far easier to collate a great deal in terms of our location, interests, personalities, likes and dislikes, and so much more! With this in mind, Google states that its prime concerns are secure searching, as well protecting the privacy of web users from any possible malevolent attacks.
Three of the main areas that Google is focusing its attention on are:
Authentication – Is the website visitor on the site they think they’re on?
Data integrity – Is the data safe when transferred?
Encryption – Could someone be eavesdropping on the website visitor?
By making a website HTTPS it stops attackers with ill intentions from impersonating the authentic destination site, interfering with data or ‘eavesdropping’ through devices.
The warning signs on Google Chrome
In December 2014, Google developers were working on the proposed warning sign from the search engine’s Chrome browser, which would inform people their data is at risk each time they go to a site that doesn’t use HTTPS. They implemented the warning by showing web users a message that the connection they were about to make to a website ‘provides no data security’. Alternatively, they’d see a simple, but clear red cross through the padlock symbol at the start of the web address.
Just two years ago, a mere 33% of websites used HTTPS. This figure has increased, and at this point, the average volume of encrypted internet traffic has now exceeded the average volume of unencrypted traffic. What’s more, when Google does start flagging up warnings on non-secure HTTP sites, it’s likely there will be a far greater shift towards HTTPS.
Granted, there could be some initial perplexity among website users who don’t fully understand the difference between HTTP and HTTPS. This may result in some concern that there’s a problem with a website they have used without hesitation in the past. Largely, people adopt the feeling that websites and emails are private, so by creating an indicator that this isn’t the case, presumptions will be challenged.
Although web masters will face the initial task of moving a website over to HTTPS, the advocators of Google’s HTTPS Everywhere campaign believe this is a positive step in the right direction for internet users and the internet in general.