Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome Pushes For User Protection With 'Not secure' Label (axios.com)

Posted by msmash on from the up-next dept.

In an effort to force websites to better protect their users, the Chrome web browser will label all sites not encrypted traffic as "Not secure" in the web address bar, Google announced Thursday. From a report: Encrypted traffic allows users to access data on a website without allowing potential eavesdroppers to see anything the users visit. HTTPS also prevents meddlers from changing information in transit. During normal web browsing, Google currently displays a "Not secure" warning in the next to a site's URL if it forgoes HTTPS encryption and a user enters data. Now the browser will label all sites without HTTPS encryption this way.

2 of 85 comments (clear)

  1. Entire internet doesn't need to be https by iamhassi · · Score: 4, Insightful

    This is silly. Google is saying every website needs to be https. That's not true and is a waste of money and time to make every site https

    --
    my karma will be here long after I'm gone
    1. Re:Entire internet doesn't need to be https by tlhIngan · · Score: 4, Interesting

      It isn't even an issue of money either. Let's Encrypt offers free certificates so I don't want to hear that it is a time and money issue.

      It's a reputation issue. Given Let's Encrypt has issued over 14,000 paypal phishing certificates, one would think you should revoke Let's Encrypt certificates. After all, if Symantec, Comodo or others issued those, we'd be calling for blood.

      The only reason we aren't is because Let's Encrypt has big names like EFF and Mozilla behind them. But all the scammers are basically dragging them through the mud - are your EFF donations being used to scam poor old ladies out of their money? Is scamming people really the goal of EFF and Mozilla?

      Heck, it's actually kind of funny because a new exploit opened up on sites using Let's Encrypt, because they have a well-known directory that's being used to hide cryptocurrency miners and other things, too.

      Maybe if there was a way to grade the quality of a certificate - Let's Encrypt can be made low, sites that charge with a real valid billing address (i.e., used a credit card, as opposed to bitcoin) can be higher rated because there is accountability down the line - including down to a real name and address.