Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Proposes To Warn People About Non-SSL Web Sites

Posted by samzenpus on from the protect-ya-neck dept.

mrspoonsi writes The proposal was made by the Google developers working on the search firm's Chrome browser. The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser. If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security". Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.

5 of 396 comments (clear)

  1. Re:So perhaps /. will finally fix its shit by bloodhawk · · Score: 3, Informative

    The more traffic is encrypted the more EXPENSIVE it is to host sites and dish out content, it screws up caching and makes everything harder to diagnose with technical issues . encryption comes at a cost and when the content has not real value it is a pointless cost.

  2. Re:The web is shrinking by Dutch+Gun · · Score: 4, Informative

    In fairness to Google, they're also pushing a new standard that will allow free SSL certs to be used by anyone who wants it. Search for Let's Encrypt for more info.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  3. Including Slashdot? by Midnight_Falcon · · Score: 3, Informative

    I find it more than ironic that this article was posted on Slashdot, which in 2014..still doesn't support SSL. It'll even redirect HTTPS to plaintext HTTP!

  4. Re:Stupid by heypete · · Score: 4, Informative

    CPU and power increase for encryption is negligible for most sites.
    The real cost is getting a certificate from a site that the browser will recognize.
    Those are expensive especially if you want a site for a hobbie or a supplemental income.

    StartSSL offers completely free-of-cost certificates that are widely recognized by browsers to individuals and non-commercial sites. $60/year gets you an ID-verified account and the ability to offer unlimited certificates (they only charge for the validation, certificates are free). A second $60 ($120 total) gets your organization verified, again with the ability to issue unlimited certs.

    Let's Encrypt, run by the EFF, will be offering free certificates (starting in 2015) with an easy automatic validation and installation system that makes the technical side of deploying certs super easy.

    If, for some reason, that's not satisfactory, Comodo resellers like NameCheap offer PositiveSSL certs for less than $9/year. That's less than a beer at the local bar.

    The financial cost of getting a certificate is essentially negligible.

  5. Re: Stupid by heypete · · Score: 4, Informative

    Also to rent an ip address isn't free.

    IP-based SSL hosting hasn't been necessary since the development of SNI nearly a decade ago.

    Essentially all modern browsers (IE 7+, Firefox 2.0+, Chrome 6+ on XP [all versions of Chrome on Vista+ support SNI], Safari in iOS 4+, Android 3+, WP 7+, etc.) and servers support SNI.

    Several web hosts offer SNI-based SSL/TLS hosting at no additional charge.