Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 50 Percent of All Pages In Chrome Are Loaded Over HTTPS Now (onthewire.io)

Posted by msmash on from the secure-web dept.

Reader Trailrunner7 writes: After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company's data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased use of encryption across the web in the last few years. The company has made significant changes to its own infrastructure, encrypting the links between its data center, and also has made HTTPS the default connection option on many of its main services, including Gmail and search. And Google also has been encouraging owners of sites of all shapes and sizes to move to secure connections to protect their users from eavesdropping and data theft. That effort has begun to bear fruit in a big way. New data released by Google shows that at the end of October, 68 percent of pages loaded by the Chrome browser on Chrome OS machines were over HTTPS. That's a significant increase in just the last 10 months. At the end of 2015, just 50 percent of pages loaded by Chrome on Chrome OS were HTTPS. The numbers for the other desktop operating systems are on the rise as well, with macOS at 60 percent, Linux at 54 percent, and Windows at 53 percent.

6 of 136 comments (clear)

  1. ...and then blanked out by JavaScript by Anonymous Coward · · Score: 4, Insightful

    loaded over...and then blanked out by JavaScript looking at Adblock's actions.

    do they really think my next action would be to disable Adblock? Really? I just close the tab and move onto another page...

  2. Needless bullshit by JustAnotherOldGuy · · Score: 4, Insightful

    Yes, HTTPS is fine for anything sensitive, but does my recipe site really need to provide HTTPS pages?

    Seriously, there is no need for every site to output HTTPS pages. If you're really afraid that someone might eavesdrop and see you looking at Banana Bread recipes, you have bigger problems than an HTTPS connection can fix.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Needless bullshit by kangsterizer · · Score: 4, Insightful

      https also ensure the pages cannot be modified. if someone knows your recipe site, they trust you and its content.
      if tomorrow they visit and it asks for a donation for example, they'll think its for you and donate. bad luck, it was the attacker.

      basically, there is more than confidentiality issues ("they can see your data"). there's also integrity issues ("they can change the data displayed")

      besides - there's plenty of ways this can go wrong for confidentiality as well. there are billions of websites. some start as a recipe site, and end up asking login, processing password, etc. some not. people make mistakes along the way. its much safer and easier to basically require https across the board - specially that its pretty much free to do so now.

    2. Re:Needless bullshit by swillden · · Score: 4, Informative

      Yes, HTTPS is fine for anything sensitive, but does my recipe site really need to provide HTTPS pages?

      That depends, is every user's browser perfectly secure? (Hint: the answer is no)

      HTTPS provides three guarantees that HTTP does not.

      1. Secrecy. This is the one that you focused on; keeping the contents of the traffic between your recipe server and its clients secure against eavesdroppers. You're probably right that it doesn't matter.
      2. Authentication. HTTPS verifies to the client that it is talking to the server it thinks it is, rather than some other, possibly malicious, server.
      3. Integrity. HTTPS that the contents of the traffic between your reciper server and its clients is secure against modification.

      Both 2 and 3 are important individually, and together they provide an assurance that your clients are getting your content and nothing else. Not only does this mean the recipes won't be modified, but it means the recipe documents cannot be modified so they exploit browser vulnerabilities to hijack the user's browser, or possibly the user's entire computer.

      Of course, this still leaves open the possibility that your recipe server is malicious, either because you are or because someone else has taken control of it. Those possibilities are addressed by Safe Browsing infrastructure that attempts to identify and warn users away from malicious sites. But that only works if the browser actually knows what site it's talking to, so HTTPS is an essential enabling technology for Safe Browsing.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Needless bullshit by Second_Derivative · · Score: 4, Insightful

      If a small amount of global web traffic is encrypted then the encrypted traffic will stand out and bring scrutiny.

      If everything is encrypted, no matter how mundane, then genuinely sensitive traffic becomes less conspicuous.

  3. Re:My personal web site does not support HTTPS by fph+il+quozientatore · · Score: 4, Informative

    Ever heard of https://letsencrypt.org/ ?

    --
    My first program:

    Hell Segmentation fault