When browsing online you may or may not take notice of the HTTP/ HTTPS at the beginning of a URL. HTTPS stands for Hypertext Transfer Protocol Secure and as the name suggests, the added ‘S’ recognises a web server as secure. Combining HTTP with the Secure Socket Layer (SSL), a site that is labelled HTTPS allows you to use web servers securely. In a recent update from Google this month, they have highlighted their plans to opt into a HTTPS- First World. Here, we reveal what this actually means to the average user and for online businesses.
When a browser connects with a site over HTTPS, attackers cannot intercept any data that is shared over the connection, therefore creating a much more private and secure system. Whilst the adoption of HTTPS has come a long way in recent years, Google Chrome want to take it to the next level to help protect users online.
The announcement from Google suggests that “any site that doesn’t have a valid SSL certificate will see an error” with wording along the lines of “Your connection isnt private”. It is reasonable to think that many users will automatically close this window and not continue to the site, showing the importance that all websites should be moving to HTTP. Those that do not do this risk significantly less page visits as Google Chrome remains the most popular browser in the UK.
Who will this affect?
Whilst there is only a small proportion of websites that remain without a valid SSL certificate, Google wants this to change. Moving forward Chrome will try loading a https:// version regardless of what is entered into the web browser. If https:// is not supported by the web server, it will roll back to http:// and show a full page warning before the site is loaded. Whilst users will still be able to access these pages, the warning itself is enough to put a lot of users off.
Google is not the only web browser that is opting for this HTTPS- First World. Firefox has also shared their intention to do the same.
The Lock Icon
Research has shown that people currently assume that the padlock icon shows the site is trustworthy, when it actually only indicates that the connection is secure, not the website itself. Therefore, Chrome are going to run experiments to try and reduce this confusion for users. Therefore HTTPS sites will no longer show the padlock symbol however non HTTPS websites will show a warning.
When are these changes taking place?
These changes are being made in order to better inform users when making decisions online. It is important that users know which sites do and do not offer a secure connection. The aim is to also limit the ability for sites to opt-out of security policies over insecure connections.
Dates of these changes are currently unknown and Chrome have stated that they are “excited to announce more details later this year”