The
traditional HTTP protocol still used by many sites is unencrypted and
Google (among others) thinks that’s just not good enough.
traditional HTTP protocol still used by many sites is unencrypted and
Google (among others) thinks that’s just not good enough.
The HTTPS
protocol, however, adds an extra layer of protection against snooping
and interception. Therefore Google plans to flag sites that aren’t
served under the HTTPS.
protocol, however, adds an extra layer of protection against snooping
and interception. Therefore Google plans to flag sites that aren’t
served under the HTTPS.
Chris
Palmer, security engineer at Chrome, tweeted a picture of the New
York Time homepage with a red “X” shown in the URL bar to
signify a lack of encryption.
Palmer, security engineer at Chrome, tweeted a picture of the New
York Time homepage with a red “X” shown in the URL bar to
signify a lack of encryption.
The tweet
was also highlighted by Parisa Tabriz, manager of Google’s
information security engineering team, who said “HTTP, we’re
readying to call you out for what you are: UNSAFE!”
was also highlighted by Parisa Tabriz, manager of Google’s
information security engineering team, who said “HTTP, we’re
readying to call you out for what you are: UNSAFE!”
There is
also a written proposal on the change, which can be found here.
also a written proposal on the change, which can be found here.
Chrome
already flags secure sites with a small padlock icon, but the use of
a red cross on HTTP connections, instead of the current white blank
page, is designed to make more of a statement: insecure connections
are not cool.
already flags secure sites with a small padlock icon, but the use of
a red cross on HTTP connections, instead of the current white blank
page, is designed to make more of a statement: insecure connections
are not cool.