The world is changing a lot lately. Come January, you can expect the Internet to change too. In just a couple of months, the Google Chrome security team will “publicly shame nearly half of the world’s websites that don’t use strong encryption.”
That means Chrome will flag any unencrypted websites that accept a username and password or credit card as “not secure.” Currently, the browser only warns you of the potential for trouble with these sites. Consider the fact that Chrome is by far the most popular browser in terms of browser usage and this is quite an ultimatum.
This is significant because most Internet users choose Chrome. According to w3schools.com, in September 2016, Chrome accounted for 72.5% of browser usage, while Firefox was 16.3% as the second most popular. But Chrome’s move here isn’t about making the Internet appear scary and unsafe – as it might just do on the surface for many users. For Parisa Tabriz, leader of the Chrome security team, the current state of security is “crazy” and their problem now is “trying to be honest with users.”
Thousands of popular websites use unencrypted HTTP connections, as opposed to encrypted HTTPS connections. And Google requiring those websites to make the switch isn’t an easy standard to meet. It can take months for a website to become entirely HTTPS. In late 2014, The New York Times challenged news sites to switch to HTTPS by the end of 2015. In September 2016, Wired announced they had entirely encrypted wired.com after beginning the switch in April. Yet The New York Times themselves have still not achieved this goal.
Media sites that use outside data like ads and video are dependent on those outside sources to encrypt the content. Another concern to address is changing the web addresses while maintaining the site’s high ranking in search results.
But Google’s move is all about making a more secure Internet. Without HTTPS, any user visiting an unencrypted site is vulnerable to hackers and eavesdroppers.
Ignorance is not bliss on the Internet
Browsers, such as Chrome, will try to warn users that a site is not secure. Currently on Chrome, if you visit a “not secure” website, there is a white page icon to the left of the URL, indicating a warning to viewers. And when you visit an unencrypted site, it will show a white circle with an “i” in it – welcoming viewers to click for more information.
The problem is, many users don’t understand what the symbols mean. Surveys conducted by Berkeley researchers and Google team members found that security warnings in web browsers are confusing to users. In January, instead of seeing a white circle with an “i” inside, to the left of the address bar will bluntly read: Not secure.
With the fact that you have a nearly 1 in 2 chance of visiting an insecure website, we wanted to share some tips to help you decipher the signs and make an empowered decision of whether or not to proceed.
Safeguard yourself from hackers and eavesdroppers with these quick tips:
- Look at the URL
If the URL of the website starts with “https” – not “http” – it means the site is secure via an SSL Certificate. Your data is secure.
Look also for a green address bar and lock icon to the left of the address bar. This means the site has an EV certificate, which is the “safest and most extensive” level of validation.
- Look at the domain
Make sure the website you want to visit is the one you’re on. Cyber attackers create domains and websites made look so similar to the real ones that unsuspecting web users don’t realize they’re being fooled. An attacker might buy the domain “app1e.com” (notice the “l” is replaced with the number “1”) and create a website that looks like the real apple.com. Then they’ll send you fake emails directing you to enter account information on their site. To know if you’re at the website you want to be at, look at the domain carefully.
You can stand up to cyber attackers and keep your personal data secure with these simple precautions in mind when browsing the web.