Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Will Start Marking HTTP Sites In Incognito Mode As Non-Secure In October (venturebeat.com)

Posted by msmash on from the tightening-the-bolts dept.

Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.

3 of 67 comments (clear)

  1. Is "Krystalo" actually Emil Protalinski? by Anonymous Coward · · Score: 4, Interesting

    Is "Krystalo", the submitter of this submission, actually Emil Protalinski? All three of the articles linked to by this submission are on this "VentureBeat" site, and all three list "Emil Protalinski" as the author.

    A cursory glance at the submission history for this "Krystalo" Slashdot user shows other submissions linking to this "VentureBeat" site.

    So perhaps this is a case of self-promotion, where this "Emil Protalinski" fellow is submitting his own articles to Slashdot as "Krystalo"? Or perhaps it's a colleague doing it?

    Emil Protalinski, can you please confirm what is happening in this case?

    This "VentureBeat" situation is starting to look a lot like the "BetaNews" situation. There appears to be about one "VentureBeat" submission that gets on the Slashdot front page each week.

    Now this isn't as bad as the "BetaNews" submissions, which end up on the Slashdot front page almost daily. Sometimes there are even multiple submissions in a single day linking to "BetaNews" articles!

    The Slashdot editors should really be careful about accepting submissions from people who may have written the articles being submitted. It starts to make Slashdot look sketchy when there's a submission from "BetaNews" on the Slashdot front page almost every day, and one from "VentureBeat" almost every week.

    We should get a variety of news here, and it should not come from the same sources again and again and again and again, especially if it may be the sources themselves that are submitting submissions that link back to their own sites.

  2. Re:Do I really want to know by Afty0r · · Score: 4, Informative

    How they know this?

    From all the browsing activity conducted through Google Chrome by people who have agreed to let them use anonymised browsing data for statistical purposes.

  3. Re:good by Anonymous Coward · · Score: 3, Informative

    The cert expires after 3 months, not the key. I use Let's Encrypt with key pinning and have had the same key pinned for over a year. The verification of domains by Let's Encrypt is similar to that of other CAs. A cert means control over a domain, nothing more.