Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 50 Percent of All Pages In Chrome Are Loaded Over HTTPS Now (onthewire.io)

Posted by msmash on from the secure-web dept.

Reader Trailrunner7 writes: After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company's data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased use of encryption across the web in the last few years. The company has made significant changes to its own infrastructure, encrypting the links between its data center, and also has made HTTPS the default connection option on many of its main services, including Gmail and search. And Google also has been encouraging owners of sites of all shapes and sizes to move to secure connections to protect their users from eavesdropping and data theft. That effort has begun to bear fruit in a big way. New data released by Google shows that at the end of October, 68 percent of pages loaded by the Chrome browser on Chrome OS machines were over HTTPS. That's a significant increase in just the last 10 months. At the end of 2015, just 50 percent of pages loaded by Chrome on Chrome OS were HTTPS. The numbers for the other desktop operating systems are on the rise as well, with macOS at 60 percent, Linux at 54 percent, and Windows at 53 percent.

5 of 136 comments (clear)

  1. Re:My personal web site does not support HTTPS by fph+il+quozientatore · · Score: 4, Informative

    Ever heard of https://letsencrypt.org/ ?

    --
    My first program:

    Hell Segmentation fault

  2. Re:Needless bullshit by swillden · · Score: 4, Informative

    Yes, HTTPS is fine for anything sensitive, but does my recipe site really need to provide HTTPS pages?

    That depends, is every user's browser perfectly secure? (Hint: the answer is no)

    HTTPS provides three guarantees that HTTP does not.

    1. Secrecy. This is the one that you focused on; keeping the contents of the traffic between your recipe server and its clients secure against eavesdroppers. You're probably right that it doesn't matter.
    2. Authentication. HTTPS verifies to the client that it is talking to the server it thinks it is, rather than some other, possibly malicious, server.
    3. Integrity. HTTPS that the contents of the traffic between your reciper server and its clients is secure against modification.

    Both 2 and 3 are important individually, and together they provide an assurance that your clients are getting your content and nothing else. Not only does this mean the recipes won't be modified, but it means the recipe documents cannot be modified so they exploit browser vulnerabilities to hijack the user's browser, or possibly the user's entire computer.

    Of course, this still leaves open the possibility that your recipe server is malicious, either because you are or because someone else has taken control of it. Those possibilities are addressed by Safe Browsing infrastructure that attempts to identify and warn users away from malicious sites. But that only works if the browser actually knows what site it's talking to, so HTTPS is an essential enabling technology for Safe Browsing.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. Re:And with StartCom dead... by Zocalo · · Score: 3, Informative

    Following numerous severe breaches of CA protocol by WoSign (StartCom's parent company) and by StartCom under their ownership, Mozilla, Google and Apple have all decided to revoke the trust in both the CAs - MS has yet to commit, but is very likely to follow suit. The only saving grace is that they are doing so in such a way as to not disrupt existing certificates, but if you get a new StartCom certificate now, it's not going to work in any of the major browsers in a few months time.

    --
    UNIX? They're not even circumcised! Savages!
  4. Re:Needless bullshit by vadim_t · · Score: 3, Informative

    Some ISPs and access points have been doing realtime traffic modification and inserting ads into websites. Since it's well known that some ads are malicious, then yes, it's very much beneficial for a recipe site run on SSL, because it makes it impossible to hijack the trusted and harmless site for nefarious purposes, such as serving you some kind of trojan via an ad.

  5. spyware by markdavis · · Score: 1, Informative

    Not only does most stuff not need to be HTTPS, it often destroys caching, lowers battery life, and hurts performance.... but also.... how does Google know these statistics unless they are freely admitting that they have major spyware in their non-open, binary-only Chrome browser? So this whole https on non-important pages is theoretically so much better for privacy and security, except that Google gets to know everywhere you go?

    There are many reasons I don't use Chrome....