Chromium(google) Considers Marking HTTP As Non-Secure

[ahhming]

 The Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. They intend to devise and begin deploying a transition plan for Chrome in 2015.

The goal of this proposal is to more clearly display to users that HTTP provides no data security.

 

 

Source:

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

 

http://www.bbc.com/news/technology-30505970

[Sidiox]

Well that is good. HTTPS is not needed at all times, but it is good that they warn the average internet user about the problems and insecurities associated with HTTP

[LifesCompanion]

Well that is good. HTTPS is not needed at all times, but it is good that they warn the average internet user about the problems and insecurities associated with HTTP

While it's not needed all the time, I personally would prefer to see it adopted as a de-facto standard (I guess it kinda already is) 

[Guest]

They should also warn users that not using a VPN is non-secure.

[cesrai]

They should also warn users that not using a VPN is non-secure.

Nope that is on you, you have to research for the best vpn.

[Jade]

If it's meant to scare the user, then Google should probably figure out what it wants upstarts to do, considering SSL certs can be fairly expensive. Notably, not everything needs to be encrypted, it's just a side benefit.

[Techhog]

They should also warn users that not using a VPN is non-secure.

And to never save passwords, and to generate all passwords with random characters, and...

 

What I'm concerned about is HTTPS becoming insecure as a result of this forcing sites to switch over.

 

 

If it's meant to scare the user, then Google should probably figure out what it wants upstarts to do, considering SSL certs can be fairly expensive. Notably, not everything needs to be encrypted, it's just a side benefit.

This too.

[Misanthrope]

Good for humanity, bad for us working for ISPs having to deal with an endless flow of customers saying "Why is my Facebook no longer secure!? You better send a technician to my house to fix this!" (true story btw)

[Blade of Grass]

They should also warn users that not using a VPN is non-secure.

How is not using a VPN not secure?

[qwertywarrior]

awesome

this and  cloudflare will be giving HTTPS for free

and mozilla,eff making ssl certs free

[rockking1379]

I'm actually okay with this. More sites need to use https. And users only notice a little green bar. So I say lets make it plain and obvious that your connection isn't secure.

[rockking1379]

Good for humanity, bad for us working for ISPs having to deal with an endless flow of customers saying "Why is my Facebook no longer secure!? You better send a technician to my house to fix this!" (true story btw)

Well if facebook isn't using a secure connection...then something is wrong

[patrickjp93]

Well if facebook isn't using a secure connection...then something is wrong

It isn't. Haven't you ever looked at the HTML source? It's on standard HTTP.  Was true until 2013 apparently.

[deviant88]

> linustechtips is insecure 

[Jade]

this and  cloudflare will be giving HTTPS for free

and mozilla,eff making ssl certs free

Where was this all announced? This says absolutely nothing about giving SSL certificates for free, and I'm not seeing any recent information regarding free ones from Mozilla or EFF.

[qwertywarrior]

Where was this all announced? This says absolutely nothing about giving SSL certificates for free, and I'm not seeing any recent information regarding free ones from Mozilla or EFF.

mozilla eff thing

http://www.extremetech.com/computing/194568-eff-and-mozilla-join-forces-to-encrypt-the-entire-web-by-giving-away-free-https-certs

http://techcrunch.com/2014/11/18/mozilla-eff-and-others-band-together-to-provide-free-ssl-certificates/

 

and the cloudflare thing

http://www.tomshardware.com/news/cloudflare-security-encryption-ssl-https,27780.html

http://arstechnica.com/information-technology/2014/09/cloudflare-gives-internet-a-present-free-no-hassle-universal-ssl/

 

and if by "this" you meant what is on the OP .i was talking about how google is pushing HTTPS forward and how great it is sry for the confusion

[Markmjb]

Fine if they mark it as safe/unsafe, as long as it's not something that's in the way of the usability of the site, like those idiot cookie warnings or even the unsecure connection page

[cesrai]

How is not using a VPN not secure?

They can have logs or the connection your routing from can be monitored, just like using a pineapple -hak5 reference-. 

[Blade of Grass]

They can have logs or the connection your routing from can be monitored, just like using a pineapple -hak5 reference-. 

The exact same way the VPN provider can too?

[rockking1379]

> linustechtips is insecure 

@LinusTech should get this fixed and make HTTPS the ONLY option. or atleast the default one

[Blade of Grass]

@LinusTech should get this fixed and make HTTPS the ONLY option. or atleast the default one

They've tried it before in the past, sadly it breaks embedding of photos and YouTube videos.

[Akolyte]

I think there are 3 good things, one phishing scams won't be as effective anymore as they will need SSL certificates.  Users can see that normal HTTP has no data security and quite frankly most average people don't know that.  And lastly sites like Facebook which I don't know why the hell they don't have HTTPS enabled by default, but it will force them and other popular sites to use HTTPS or else users will be drawn away.