Safari Tests 'Not Secure' Warning For Unencrypted Websites

Similar to Chrome, Apple's Safari browser is testing a warning system for when users visit websites that aren't protected by HTTPS encryption. "The feature for now is only in Safari Technology Preview 70, a version of the web browser Apple uses to test technology it typically brings to the ordinary version of Safari," reports CNET. From the report: Apple didn't immediately respond to a request for comment on its plans for bringing the warning to mainstream Safari. Apple's browser does warn you already if you have an insecure connection to a very sensitive website for typing in passwords or credit card numbers.

Re:Isn't this a waste?

Do we really need SSL on everything?

Yes. Only securing "sensitive" traffic makes it trivially easy to identify "sensitive" traffic.

Also, Yes! What what you consider non-sensitive information may, in fact, be useful to a malicious actor listening in on the wire.

Do you really want your ISP any one else in the transit path between you and Google knowing what search terms you enter? That's between you and Google. Do you want your ISP censoring your Internet? Modifying pages as they come back to remove "bad" words?

SSL also helps to prevent modification of data in transit. The most easy example of this is inserting malicious javascript in a page as it passes through one of the many hops enroute to you. With SSL you have some confidence (if you trust the CA, for example) that you are talking directly to the remote host you think you are and that nobody can insert malicious code or modify the data on its way to you without your client noticing.