Google is pretty serious about securing its users. As you may already know, SSL is a certificate that encrypts the connection between the website’s server and the client’s browser, so it’s as secure as it gets. They started calling out non-SSL sites nearly two years ago. Websites with SSL certificates show up in the URL with “HTTPS,” while non-SSL sites have “HTTP.” As announced earlier this year, Google is finally getting around to labeling those HTTP websites as “Not Secure” in Chrome.
I’ve talked to some of the independent web developers and they have mixed opinions. While some think that Google is doing the right thing by calling out these websites, others think that not all websites need SSL certificates. To be honest, I’m going with the first one, as SSL certificate secures you from spoofing, MITM attacks, and many more. Also, in 2018, implementing and using them is not really difficult or pricey.
The following change will encourage users to be careful while browsing unsafe websites, and the developers to update their sites with SSL certificates. Google shared some pretty interesting statistics that show how things have changed since the first announcement of calling out HTTP websites.
- 76 percent of Chrome traffic on Android is now protected, up from 42 percent
- 85 percent of Chrome traffic on ChromeOS is now protected, up from 67 percent
- 83 of the top 100 sites on the web use HTTPS by default, up from 37
Pretty impressive stats if you ask me, as phishing and other kinds of network attacks have been a problem for a while. Google’s next goal is to the make “Not Secure” notification colored red by October of this year with the release of Chrome 70.
What do you think about the latest update? Do you think that it’s a good idea to force the developers to update their websites with SSL certificates? Or are you standing by the idea that not all pages need HTTPS?