More Than 50 Percent of All Pages In Chrome Are Loaded Over HTTPS Now (onthewire.io)
Reader Trailrunner7 writes: After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company's data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased use of encryption across the web in the last few years. The company has made significant changes to its own infrastructure, encrypting the links between its data center, and also has made HTTPS the default connection option on many of its main services, including Gmail and search. And Google also has been encouraging owners of sites of all shapes and sizes to move to secure connections to protect their users from eavesdropping and data theft. That effort has begun to bear fruit in a big way. New data released by Google shows that at the end of October, 68 percent of pages loaded by the Chrome browser on Chrome OS machines were over HTTPS. That's a significant increase in just the last 10 months. At the end of 2015, just 50 percent of pages loaded by Chrome on Chrome OS were HTTPS. The numbers for the other desktop operating systems are on the rise as well, with macOS at 60 percent, Linux at 54 percent, and Windows at 53 percent.
Over 9,000 Business users have switched to the Vonage Business Hosted VoIP service. Join the revolution & save up to 36.4% on your lol landlines are for oldies, Bill.
Upgrade your business phone system and save or don't. Our Hosted VoIP service empowers businesses like yours with over 40 built-in features, like ringing and answering. Enhance your productivity by talking more on a phone. Activation and on boarding is simple but our tools 24/7. Ready to move to the reliable Vonage Cloud? Speak to a VoIP specialist today and put your phone in the cloud. like what, I don't even. How did Vonage do it? They put the phone in the cloud! With my phone in the cloud I can use it anywhere, but I can't because it's a landline and the cord isn't very long.
loaded over...and then blanked out by JavaScript looking at Adblock's actions.
do they really think my next action would be to disable Adblock? Really? I just close the tab and move onto another page...
Great push for HTTPS, guys.
Good to know that when state actors or, heck, our own government, want to flood out DNS again, we'll be stuck resolving certificates and failing to consume services because we got so giddy with SSL everywhere.
Keep writing downgrade proxies and alternate routes. We're reaching a point where the US is self-sabotaging DNS.
Yes, HTTPS is fine for anything sensitive, but does my recipe site really need to provide HTTPS pages?
Seriously, there is no need for every site to output HTTPS pages. If you're really afraid that someone might eavesdrop and see you looking at Banana Bread recipes, you have bigger problems than an HTTPS connection can fix.
Just cruising through this digital world at 33 1/3 rpm...
Thanks to these guys encryption like it should be - quick, easy and no exorbitant fees imposed by the old school certification mob. Got everything running over TLS now - in production, staging and private... Cheers
Thanks Google. I feel so much safer now.
How do they know what websites I visit and what percentage of them are using HTTPS?
Sounds like I don't have the privacy they are trying to protect
it's not a perfect solution, but it's far better than nothing
And install Linux. Telemetry on what you pages you load going back to Google? No thanks.
... it's a racket for SSL authorities who charge for their certs. Unless you want to install onerous ACME software on your server. Suckage.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Without HTTPS, you can't trust the Chinese government to not MITM your recipe and add a superdose of red hot chilli pepper as an ingredient in your recipe. Once they do, expect to get sued for burning my tongue.
I run Apache and I even compiled in HTTPS support, but here's the thing; I need a valid certificate which costs real money.
Is there an anonymous way to run an HTTPS server?
Something that doesn't guarantee the identity of the website, but still allows the traffic to be encrypted?
...where anyone visits with a browser?? Let this be a reminder, all you Chrome consumer sheep, not to wander anywhere that you wouldn't want Google (and therefore, the cops and feds) to know about.
My site is a podcast hosting where people connect to simply grab the latest episode, I am not going to pay for a fucking SSL cert for a read only site.
Sorry but there is no reason at all for SSL everywhere. read only sites dont need it and adding that heavy overhead to read only sites is a bunch of BS.
And the fact that them being able to get this information doesn't scare and infuriate people? Even if the metric is anonymized, why the fuck do people accept software that spies on you? Yes I'm aware that majority of software does.. but why the hell do we accept it?
Digital is, by definition, imperfect. Analog is the way to go.
Not only does most stuff not need to be HTTPS, it often destroys caching, lowers battery life, and hurts performance.... but also.... how does Google know these statistics unless they are freely admitting that they have major spyware in their non-open, binary-only Chrome browser? So this whole https on non-important pages is theoretically so much better for privacy and security, except that Google gets to know everywhere you go?
There are many reasons I don't use Chrome....
How does Google know this? I would assume they are keeping metrics of which sites people are viewing, in which case...
Whoa, Big Brother, much? I do not want my browser reporting back to the mothership of what sites I use or what passwords I use when I access whichever bank I use.
So https and "Let's Encrypt" is a massive money maker for Google.
Google makes their money off advertising. The more https, the more ad sales for them! And the less for their competitors.
It's a mega win for Google.
>After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off.
Of fuck off, go sell some ads. Is this mere ad broker really claiming the credits of increased https adoption? That's rich. This is a company that loads all kinds of crapware ads and data collection crap in websites everywhere. The kind of shit company you have to filter out with ad blockers, with dns and anti-tracking plugins.
I keep saying that we want to encrypt all internet traffic, so as to make it impossible for the Three Letter Agencies to snoop on us all.
However I'm willing to amend that. Your recipe site does not need HTTPS. There, are you happy?
What we really need is for a substantial component of all Web traffic to be encrypted, and for 99.999% of all encrypted traffic to be recipe sites, standard commercial or financial traffic, porn, cat videos, political arguments, just boring old business as usual. That way, simply being encrypted does not draw the attention of the TLAs. We want that because when 0.1% of all Web traffic is encrypted, you can become a suspect just for using encryption. That's not right no matter what the TLAs say about it.
I don't know how great a traffic percentage a "substantial component" needs to be. Let's say between one-third and two thirds of all internet traffic, as a lower bounding limit. If I really had my way however, it would be 99.999% of all packets, everywhere.
And that's the problem. Until recently HTTP was the default and you had to specifically request and implement HTTPS. This resulted in the vast majority of all packets being unencrypted. We need to flip that around, so that HTTPS is the default and you only get HTTP if you specifically request and implement that.
It's the browser acting as if a self signed certificate is less secure than no certificate.
Browser makers find it important to accurately report the truth of the sense of security. A self-signed certificate used with the https: scheme gives a false sense of security, whereas the http: scheme gives a true sense of insecurity.
Let's encrypt may be better, but it depends on how browsers decide to treat domain-validated certificates.
The only browser I've ever seen that warns for valid domain-validated certificates is Comodo Dragon. Any certificate that isn't at least organization-validated causes Dragon to show the "mixed passive content" icon in the location bar and an amber interstitial, which resembles the red interstitial for an untrusted issuer and has text to this effect:
The easiest way to switch a legacy service to HTTPS is to install an NGINX reverse proxy in front of it.
Provided it has its own fully-qualified domain name.
If a service accessible over a LAN is normally accessed with a private IP address (such as one in 192.168/16), or with a hostname under a phony TLD (such as .local), the CAs won't issue a certificate. This is true, for example, of the HTTP server for administering a router, printer, or NAS. Mozilla's FAQ about deprecation of cleartext HTTP acknowledges this problem but offers no fix yet:
There's also the expense and upkeep of maintaining current certificates. I have 100+ sites
Then set up Certbot or another ACME client to renew certificates for 100+ of these sites, and put it on a cron job.
Anyone still trusting Google for ANYTHING in 2016 is a fool. If you're not actively blocking everything Google-powered from a trustworthy browser (anything Google didn't create or help create), you're being tracked by Google, and a quick visit to your Google preferences will show you a disturbing trail of all the Googlebot sites you've been to. And while they say you can "disable" this, they're still tracking you behind the scenes.
Just say "fuck you" to Google and embrace privacy and common sense. Oh, and if you have a smartphone of ANY description, not just Google and even if you've disable as much Googleification on the Androids, you're still being tracked. We need to start fighting back against being tracked, cataloged, categorized, and watched NOW. Say no to Google, Microsoft, Amazon, Apple, and many other companies that wants nothing but to watch everything you do and give themselves and other companies the opportunity to deny you things or at least change what they offer based on your innocent habits. The fallacy of "I have nothing to hide" is complete bullshit, and you need to understand that not giving your habits to companies is not just for people trying to hide illegal or bad activities.
how many pages that chrome loads are to google's own sites, services, and pages? gmail? https. youtube? https. photos and g+? https. search? https. even grandma's web searches for "google" and "yahoo" and "hotmail" get counted.
HyperText Markup Language (HTML) is the standard markup language for creating web pages and web applications. With Cascading Style Sheets (CSS), and JavaScript, it forms a triad of cornerstone technologies for the World Wide Web.[1] Web browsers receive HTML documents from a webserver or from local storage and render them into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document.
tamil ringtones
Thus the inclusion of WebRTC and Fullscreen in the Secure Contexts proposal, currently a W3C Candidate Recommendation, is one big handout to domain registrars. Ten million homes with NAS devices means 10 million domains that need to be registered and renewed annually, to the tune of $100 million a year for registrars. At least it's not quite as bad as it'd be without Let's Encrypt, in which it would have been a handout to both the registrar racket and the CA racket.
How come no one points out the concern about how Google is apparently harvesting URL information from deployed instances of Chrome?