If you’re a user of Google’s popular Chrome browser — and with anywhere between 60-80% of the web’s traffic delivered to Chrome, the chances are pretty good that you are — then come July, you’ll see a significant change in how the web pages you visit are presented.
That’s because the version of Google Chrome that will be released to the wider public in July will include a feature that gives strong preference to sites that incorporate a level of security directly into their sites, using the HTTPS protocol.
If you’ve been online for any period of time, you’ll be aware that web sites (like this one!) are prefaced with “HTTP”, which stands for HyperText Transfer Protocol. It’s the standard — essentially the language — by which information is sent for hypertext, the underlying way you view most web pages. HTTP has a long history, dating back to 1989, and while it’s proved a robust protocol, it wasn’t particularly built with security in mind.
That’s where HTTPS comes in. HTTPS is the secure version of HTTP, with the extra S standing for “Secure”. HTTPS data transfer allows for a site to properly identify itself, to avoid fakery, as well as encrypting information entered on that page, which is why so many sites that deal with financial information have long used HTTPS.
After all, you wouldn’t want your bank details to be easily sniffed out when you’re checking your balance, nor your credit card details grabbed when you’re making an online purchase.
The problem is that many sites don’t use HTTPS, leaving them significantly less secure. Right now, most browsers will identify a secure site with a padlock at the very least near the address bar, or in the case of current Chrome, the word “Secure” next to the address.
It’s great to know that online shops, banks and other merchants have security in mind when it comes to your valuable information, but Google’s moves with its Chrome browser will go an extra step when it rolls out.
That’s because rather than highlighting a positive, when sites are using secure encryption for all data on a site, it’s going to highlight the negative, when they don’t. Sites that only use HTTP will be marked as “Not secure” automatically when loaded on the Chrome browser, making users much more aware of where it’s safe to surf the web and where it isn’t.
Google has a long history in pushing the adoption of safer web standards, having started shifting insecure sites down its powerful search rankings some years back. Google’s position as the premier name in search meant that doing so gave sites a strong reason to invest in the encryption necessary to regain those vital early search position. There’s a lot of research that suggests most users never leave the first page of any Google search result, so being high up the rankings has actual real-world value.
So what does all of this mean to you? If you have some kind of presence online that you want others to find, making sure your site is running with HTTPS is essentially vital, and smart work in any case. It’ll mean you’re not falling foul of Google’s existing preferences for secure sites, or sending away folks who may be concerned when your site is shown as insecure.
If you’re just a web user, rather than someone with a site, it’s going to be worth keeping an eye out for. Any site that comes up as “not secure” isn’t automatically a haven for malware or identity theft, but it’s certainly one that you should think twice about giving any of your details, because they’re certainly not doing much of job of keeping them secure.